Vulnerability Description
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Authentication Manager | 8.3 |
| Rsa | Authentication Manager | <= 8.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105410Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041697Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/39Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/105410Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041697Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/39Mailing ListThird Party Advisory
FAQ
What is CVE-2018-11073?
CVE-2018-11073 is a vulnerability with a CVSS score of 6.5 (MEDIUM). RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulne...
How severe is CVE-2018-11073?
CVE-2018-11073 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11073?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Authentication Manager, Rsa Authentication Manager.