Описание
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 8.4 (исключая)
Одно из
cpe:2.3:a:emc:rsa_authentication_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p1:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p2:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p3:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p4:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p5:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.4:p6:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00526
Низкий
6.5 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-611
CWE-611
Связанные уязвимости
github
больше 3 лет назад
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.
EPSS
Процентиль: 66%
0.00526
Низкий
6.5 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-611
CWE-611