CVE-2019-18574

Current Description

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

Basic Data

Published: December 03, 2019
Last Modified: December 10, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.5
Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
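    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | - | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p1 | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p2 | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p3 | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p4 | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p5 | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p6 | * | * | * | * | * | *
    2.3 | Application | Emc | Rsa Authentication Manager | 8.4 | p7 | * | * | * | * | * | *
    2.3 | Application | Rsa | Authentication Manager | * | * | * | * | * | * | * | * | 8.4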

Vulnerable Software List

Vendor | Product | Versions
Rsa | Authentication Manager | *
Emc | Rsa Authentication Manager | 8.4

References

Name | Source | URL | Tags
https://www.dell.com/support/security/en-us/details/DOC-109297/DSA-2019-168-RSA®-Authentication-Manager-Software-Stored-Cross-Site-Scripting-Vulnerability | https://www.dell.com/support/security/en-us/details/DOC-109297/DSA-2019-168-RSA®-Authentication | MISC | Vendor Advisory