EMC RSA Authentication Manager Cross Site Scripting and HTML Injection Vulnerabilities
BID:105410
CVE-2018-11073 | CVE-2018-11074 | CVE-2018-11075 |Info
EMC RSA Authentication Manager Cross Site Scripting and HTML Injection Vulnerabilities
| Bugtraq ID: | 105410 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-11073 CVE-2018-11074 CVE-2018-11075 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2018 12:00AM |
| Updated: | Sep 21 2018 12:00AM |
| Credit: | Mantas Juskauskas |
| Vulnerable: |
EMC RSA Authentication Manager 8.3 P1 EMC RSA Authentication Manager 8.3 EMC RSA Authentication Manager 8.2 SP1 Patch 7 EMC RSA Authentication Manager 8.2 SP1 Patch 6 EMC RSA Authentication Manager 8.2 SP1 Patch 5 EMC RSA Authentication Manager 8.2 SP1 Patch 4 EMC RSA Authentication Manager 8.2 SP1 Patch 2 EMC RSA Authentication Manager 8.2 SP1 Patch 1 EMC RSA Authentication Manager 8.2 SP1 EMC RSA Authentication Manager 8.2 EMC RSA Authentication Manager 8.1 SP1 Patch 14 EMC RSA Authentication Manager 8.1 Patch 6 EMC RSA Authentication Manager 8.1 EMC RSA Authentication Manager 8.0 |
| Not Vulnerable: |
EMC RSA Authentication Manager 8.3 P3 |
Discussion
EMC RSA Authentication Manager Cross Site Scripting and HTML Injection Vulnerabilities
EMC RSA Authentication Manager is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Versions prior to RSA Authentication Manager 8.3 P3 are vulnerable.
EMC RSA Authentication Manager is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Versions prior to RSA Authentication Manager 8.3 P3 are vulnerable.
Exploit / POC
EMC RSA Authentication Manager Cross Site Scripting and HTML Injection Vulnerabilities
An attacker can exploit these issues using a browser. To exploit a cross-site scripting vulnerability the attacker entices an unsuspecting user to visit a specially crafted URL.
An attacker can exploit these issues using a browser. To exploit a cross-site scripting vulnerability the attacker entices an unsuspecting user to visit a specially crafted URL.
References
EMC RSA Authentication Manager Cross Site Scripting and HTML Injection Vulnerabilities
References:
References: