CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8000

In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.6%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

Products affected by CVE-2017-8000

Emc » Rsa Authentication Manager » Version: 7.1

cpe:2.3:a:emc:rsa_authentication_manager:7.1
Emc » Rsa Authentication Manager » Version: 8.0

cpe:2.3:a:emc:rsa_authentication_manager:8.0
Emc » Rsa Authentication Manager » Version: 8.1

cpe:2.3:a:emc:rsa_authentication_manager:8.1
Emc » Rsa Authentication Manager » Version: 8.2

cpe:2.3:a:emc:rsa_authentication_manager:8.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8000

Products

Pricing

Contact Us