TROYANOSYVIRUS

CVE-2020-5346

MEDIUM
4.8

Description

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

CVE Details

CVSS v3.1 Score: 4.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Published: 4/15/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0

Affected Products

emc:rsa_authentication_manager

Weaknesses (CWE)

CWE-79

References

https://community.rsa.com/docs/DOC-111347 (af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.