Lucene search

DellCVELIST:CVE-2018-15782

HistoryJan 16, 2019 - 8:00 p.m.

CVE-2018-15782 DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

2019-01-1620:00:00

dell

www.cve.org

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

9.9%

JSON

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

CNA Affected

[
  {
    "product": "RSA Authentication Manager",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2019/Jan/18

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for CVELIST:CVE-2018-15782