CVE-2017-8000
N/A
N/A
Summary
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | RSA Authentication Manager 8.2 SP1 and earlier | RSA Authentication Manager 8.2 SP1 and earlier | affected |
Weaknesses
- Stored Cross-Site Scripting Vulnerabilities
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1038878
- http://seclists.org/fulldisclosure/2017/Jul/25
- http://www.securityfocus.com/bid/99572
References
- http://www.securitytracker.com/id/1038878
- http://seclists.org/fulldisclosure/2017/Jul/25
- http://www.securityfocus.com/bid/99572
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.