| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Oct 2017 15:51:20 +0000 From: EMC Product Security Response Center <Security_Alert@....com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability EMC Identifier: ESA-2017-134 CVE Identifier: CVE-2017-14373 Severity Rating: CVSSv3: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: RSA Authentication Manager 8.2 SP1 P4 and earlier Summary: RSA Authentication Manager 8.2 SP1 Patch 5 contains a fix for a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Details: The RSA Authentication Manager Security Console is affected by a reflected cross-site scripting vulnerability via an argument in the HTTP POST request. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user’s browser session in the context of the affected RSA Authentication Manager application. Recommendation: The following RSA Authentication Manager release contains a resolution for this vulnerability: •RSA Authentication Manager 8.2 SP1 Patch 5 and later RSA recommends all customers upgrade at the earliest opportunity. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZ6e0VAAoJEHbcu+fsE81Z1eoH/iselhrcUm2pJ8N0Sxt3l5bl ZcF8AfR7fNVV41EAf5kmxYKX6Uv7or5DzSHUa/bIhJu/bKGOQJcOewk/qxEKhhKe idI64cXcBS4RLH0HPv9nmaOUPHKsmQIjIbXHFdod4jcRtAEX2PcRYsC8+3P8ZFtJ tEV0y8OGFYblxVGDrAE/mdJOW/0OPweXaUzlDdnxz85BZRgOTGyEzncSs90ysEpM fTZxozgbePJ2x4Phr4DCWhAL/Q+LETDYB3XqiRRyixw+fGzvMGBWUTOEMVmNonm0 ACyPz+E6VJ+GwNfX24NPTkxuHv37yFV8mtkReNstVsgheUoGB5XNuPYAMI2Zy9A= =VgMU -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists