CVE-2018-1253

RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
dellCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
emcrsa_authentication_manager
𝑥
≤ 7.0
emcrsa_authentication_manager
7.1
emcrsa_authentication_manager
7.1:sp2
emcrsa_authentication_manager
7.1:sp3
emcrsa_authentication_manager
7.1:sp4
emcrsa_authentication_manager
8.0
emcrsa_authentication_manager
8.0:p1
emcrsa_authentication_manager
8.1
emcrsa_authentication_manager
8.1:sp1
emcrsa_authentication_manager
8.2
emcrsa_authentication_manager
8.2:sp1
emcrsa_authentication_manager
8.3
emcrsa_authentication_manager
8.3:p1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Jun/39
http://www.securityfocus.com/bid/104534
http://www.securitytracker.com/id/1041134
http://seclists.org/fulldisclosure/2018/Jun/39
http://www.securityfocus.com/bid/104534
http://www.securitytracker.com/id/1041134