CVE-2019-18574

Опубликовано: 03 дек. 2019

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p1:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p2:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p3:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p4:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p5:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p6:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_authentication_manager:8.4:p7:*:*:*:*:*:*

cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*

Версия до 8.4 (исключая)

EPSS

Процентиль: 48%

0.00248

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9xxv-5cr7-5gvp

github

больше 3 лет назад

EPSS

Процентиль: 48%

0.00248

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79