Vulnerability Details CVE-2019-18574
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface, which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
Products affected by CVE-2019-18574
- cpe:2.3:a:emc:rsa_authentication_manager:8.4
- cpe:2.3:a:rsa:authentication_manager:-
- cpe:2.3:a:rsa:authentication_manager:6.0
- cpe:2.3:a:rsa:authentication_manager:6.1
- cpe:2.3:a:rsa:authentication_manager:7.0
- cpe:2.3:a:rsa:authentication_manager:7.1
- cpe:2.3:a:rsa:authentication_manager:8.0
- cpe:2.3:a:rsa:authentication_manager:8.1
- cpe:2.3:a:rsa:authentication_manager:8.2
- cpe:2.3:a:rsa:authentication_manager:8.3