Vulnerability Description
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Authentication Manager | <= 8.3 |
| Emc | Rsa Authentication Manager | 8.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105410Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041697Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/39Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/105410Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041697Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Sep/39Mailing ListThird Party Advisory
FAQ
What is CVE-2018-11074?
CVE-2018-11074 is a vulnerability with a CVSS score of 6.1 (MEDIUM). RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attack...
How severe is CVE-2018-11074?
CVE-2018-11074 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11074?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Authentication Manager, Emc Rsa Authentication Manager.