CVE-2012-2280

EUVD-2012-2273
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
emcrsa_authentication_manager
𝑥
≤ 7.1
emcrsa_authentication_manager
7.0
emcrsa_authentication_manager
7.1
emcrsa_authentication_manager
7.1:sp3
rsaauthentication_manager
7.1:sp42
rsasecurid_appliance
2.0
rsasecurid_appliance
2.0.1
rsasecurid_appliance
2.0.2
rsasecurid_appliance
3.0
rsasecurid_appliance
3.0:sp2
rsasecurid_appliance
3.0:sp3
rsasecurid_appliance
3.0:sp4
𝑥
= Vulnerable software versions
References
http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html
http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html