CVE-2018-11075 Vulnerability Details

CVE-2018-11075 Metadata Quick Info

CVE Published: 28/09/2018 | CVE Updated: 17/09/2024 | CVE Year: 2018
Source: dell | Vendor: RSA | Product: Authentication Manager
Status: PUBLISHED

CVE-2018-11075 Description

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Reflected cross-site scripting vulnerability
Source: RSA

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).