The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RSA Authentication Manager

Vulnerability announcement: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075

RSA Authentication Manager: three vulnerabilities

Synthesis of the vulnerability

Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 21/09/2018.
Identifiers: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075, DSA-2018-152, VIGILANCE-VUL-27282.

Description of the vulnerability

An attacker can exploit several vulnerabilities in RSA Authentication Manager.
Complete Vigil@nce bulletin.... (Free trial)

Vulnerability alert: CVE-2018-1253, CVE-2018-1254

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 15/06/2018.
Identifiers: CVE-2018-1253, CVE-2018-1254, DSA-2018-107, VIGILANCE-VUL-26436.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not sanitize received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

Vulnerability: CVE-2017-15546

RSA Authentication Manager: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in RSA Authentication Manager, in order to read or alter data.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 18/01/2018.
Revision date: 24/01/2018.
Identifiers: CVE-2017-15546, ESA-2018-002, VIGILANCE-VUL-25105.

Description of the vulnerability

The RSA Authentication Manager product uses a database.

However, user-supplied data are inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in RSA Authentication Manager, in order to read or alter data.

Vulnerability alert: CVE-2017-10068, CVE-2017-10262, CVE-2017-10273

Oracle Fusion Middleware: vulnerabilities of January 2018

Synthesis of the vulnerability

Impacted products: Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, RSA Authentication Manager.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 17/01/2018.
Identifiers: cpujan2018, CVE-2017-10068, CVE-2017-10262, CVE-2017-10273, CVE-2018-2561, CVE-2018-2564, CVE-2018-2584, CVE-2018-2596, CVE-2018-2601, CVE-2018-2625, CVE-2018-2711, CVE-2018-2713, CVE-2018-2715, ESA-2018-003, VIGILANCE-VUL-25081.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.

Vulnerability announcement: CVE-2017-14379

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 21/11/2017.
Identifiers: CVE-2017-14379, ESA-2017-152, VIGILANCE-VUL-24507.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not sanitize received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

Vulnerability alert: CVE-2017-14373

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/10/2017.
Identifiers: CVE-2017-14373, ESA-2017-134, VIGILANCE-VUL-24181.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not sanitize received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

Vulnerability alert: CVE-2017-8000

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/07/2017.
Identifiers: CVE-2017-8000, ESA-2017-068, VIGILANCE-VUL-23241.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not sanitize received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack against RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

Vulnerability: CVE-2017-8006

RSA Authentication Manager: privilege escalation via Brute Force PIN-Guessing

Synthesis of the vulnerability

Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 13/07/2017.
Identifiers: CVE-2017-8006, ESA-2017-084, VIGILANCE-VUL-23240.

Description of the vulnerability

An attacker can bypass restrictions via brute-force PIN guessing against RSA Authentication Manager, in order to escalate privileges.

Vulnerability announcement: CVE-2017-3230, CVE-2017-3499, CVE-2017-3506

Oracle Fusion Middleware: vulnerabilities of April 2017

Synthesis of the vulnerability

Impacted products: Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, WebLogic, RSA Authentication Manager.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 19/04/2017.
Revision date: 20/04/2017.
Identifiers: cpuapr2017, CVE-2017-3230, CVE-2017-3499, CVE-2017-3506, CVE-2017-3507, CVE-2017-3531, CVE-2017-3540, CVE-2017-3541, CVE-2017-3542, CVE-2017-3543, CVE-2017-3545, CVE-2017-3553, CVE-2017-3554, CVE-2017-3591, CVE-2017-3593, CVE-2017-3594, CVE-2017-3595, CVE-2017-3596, CVE-2017-3597, CVE-2017-3598, CVE-2017-3601, CVE-2017-3602, CVE-2017-3603, CVE-2017-3625, CVE-2017-3626, ESA-2017-085, VIGILANCE-VUL-22492, ZDI-17-288.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

Vulnerability alert: CVE-2016-2183, CVE-2016-5546, CVE-2016-5547

Oracle Java: vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Oracle Java.
Impacted products: Debian, Fedora, AIX, Domino, Notes, IRAD, Security Directory Server, QRadar SIEM, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, Solaris, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 18/01/2017.
Identifiers: 1998379, 1998858, 1999054, 1999999, 2000212, 2000304, 2000516, 2000544, 2000602, 2000988, 2000990, 2001608, 2002331, 2002335, 2002336, 2002479, 2002537, 2002966, 2002991, 2003145, 2004036, 2004938, 2007242, bulletinapr2017, CERTFR-2017-AVI-017, cpujan2017, CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289, DLA-802-1, DLA-821-1, DSA-3782-1, ERPSCAN-17-006, ESA-2017-051, FEDORA-2017-4cb58f0bda, FEDORA-2017-c1252ccd41, ibm10718843, java_jan2017_advisory, NTAP-20170119-0001, openSUSE-SU-2017:0374-1, openSUSE-SU-2017:0513-1, RHSA-2017:0175-01, RHSA-2017:0176-01, RHSA-2017:0177-01, RHSA-2017:0180-01, RHSA-2017:0263-01, RHSA-2017:0269-01, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:0462-01, SB10186, SUSE-SU-2017:0346-1, SUSE-SU-2017:0460-1, SUSE-SU-2017:0490-1, SUSE-SU-2017:1444-1, USN-3179-1, USN-3194-1, USN-3198-1, VIGILANCE-VUL-21606, ZDI-17-056, ZDI-17-057.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3289, ZDI-17-057]

An attacker can use a vulnerability via Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3272, ZDI-17-056]

An attacker can use a vulnerability via RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3241]

An attacker can use a vulnerability via AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3260]

An attacker can use a vulnerability via 2D, in order to trigger a denial of service. [severity:3/4; CVE-2017-3253]

An attacker can use a vulnerability via Libraries, in order to alter information. [severity:3/4; CVE-2016-5546]

An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:2/4; CVE-2016-5549]

An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:2/4; CVE-2016-5548]

An attacker can use a vulnerability via JAAS, in order to alter information. [severity:2/4; CVE-2017-3252]

An attacker can use a vulnerability via Java Mission Control, in order to obtain information. [severity:2/4; CVE-2017-3262]

An attacker can use a vulnerability via Libraries, in order to trigger a denial of service. [severity:2/4; CVE-2016-5547]

An attacker can use a vulnerability via Networking, in order to alter information. [severity:2/4; CVE-2016-5552]

An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2017-3231]

An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2017-3261]

An attacker can use a vulnerability via Deployment, in order to obtain information. [severity:1/4; CVE-2017-3259]

An attacker can use a vulnerability via Java Mission Control, in order to alter information. [severity:1/4; CVE-2016-8328]

An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:1/4; CVE-2016-2183]