CVE-2018-11075 Information

Description

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote unauthenticated malicious user with the knowledge of a target user’s anti-CSRF token could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application which code is then executed by the victim’s web browser in the context of the vulnerable web application.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/105410 http://www.securitytracker.com/id/1041697 https://seclists.org/fulldisclosure/2018/Sep/39

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.7