Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDellCVE-2019-18574
HistoryDec 03, 2019 - 9:15 p.m.

CVE-2019-18574

2019-12-0321:15:10
CWE-79
dell
web.nvd.nist.gov
48
cve-2019-18574
rsa authentication manager
stored xss vulnerability
security console
web security
nvd
information security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

Affected configurations

Nvd
Node
emcrsa_authentication_managerMatch8.4-
OR
emcrsa_authentication_managerMatch8.4p1
OR
emcrsa_authentication_managerMatch8.4p2
OR
emcrsa_authentication_managerMatch8.4p3
OR
emcrsa_authentication_managerMatch8.4p4
OR
emcrsa_authentication_managerMatch8.4p5
OR
emcrsa_authentication_managerMatch8.4p6
OR
emcrsa_authentication_managerMatch8.4p7
OR
rsaauthentication_managerRange<8.4
VendorProductVersionCPE
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p1:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p2:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p3:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p4:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p5:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p6:*:*:*:*:*:*
emcrsa_authentication_manager8.4cpe:2.3:a:emc:rsa_authentication_manager:8.4:p7:*:*:*:*:*:*
rsaauthentication_manager*cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "RSA Authentication Manager",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "8.4 P8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 1
symantec 1
prion 1
cvelist 1
nvd 1
nessus
nessus
EMC RSA Authentication Manager < 8.4 Patch 8 XSS (DSA-2019-168)
2019-12-12 00:00:00
symantec
symantec
Dell EMC RSA Authentication Manager CVE-2019-18574 HTML Injection Vulnerability
2019-11-25 00:00:00
prion
prion
Cross site scripting
2019-12-03 21:15:00
cvelist
cvelist
CVE-2019-18574
2019-12-03 20:20:15
nvd
nvd
CVE-2019-18574
2019-12-03 21:15:10

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON
Related for CVE-2019-18574
nessus1symantec1prion1cvelist1nvd1