Vulnerability Description
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Authentication Manager | <= 8.3 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Jun/39Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104534Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041134Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jun/39Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104534Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041134Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-1254?
CVE-2018-1254 is a vulnerability with a CVSS score of 6.1 (MEDIUM). RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vuln...
How severe is CVE-2018-1254?
CVE-2018-1254 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1254?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Authentication Manager.