CVE-2019-18574

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.
Configurations

Configuration 1

cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p6:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p5:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p4:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p3:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p2:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p1:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p7:*:*:*:*:*:*

Information

Published : 2019-12-03 09:15

Updated : 2020-04-01 04:40


NVD link : CVE-2019-18574

Mitre link : CVE-2019-18574

Products Affected
CWE