The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RSA Authentication Manager

vulnerability alert CVE-2019-3711

RSA Authentication Manager: privilege escalation via Previous Domain Password

Synthesis of the vulnerability

An attacker can bypass restrictions via Previous Domain Password of RSA Authentication Manager, in order to escalate his privileges.
Impacted products: RSA Authentication Manager.
Severity: 1/4.
Consequences: privileged access/rights, user access/rights.
Provenance: privileged account.
Creation date: 04/03/2019.
Identifiers: CVE-2019-3711, DSA-2019-038, VIGILANCE-VUL-28641.

vulnerability announce CVE-2018-15782

RSA Authentication Manager: directory traversal via Quick Setup

Synthesis of the vulnerability

An attacker can traverse directories via Quick Setup of RSA Authentication Manager, in order to create a file outside the service root path.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/01/2019.
Identifiers: CVE-2018-15782, DSA-2018-226, VIGILANCE-VUL-28172.

vulnerability announce CVE-2018-11073 CVE-2018-11074 CVE-2018-11075

RSA Authentication Manager: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of RSA Authentication Manager.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/09/2018.
Identifiers: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075, DSA-2018-152, VIGILANCE-VUL-27282.

computer vulnerability alert CVE-2018-1253 CVE-2018-1254

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/06/2018.
Identifiers: CVE-2018-1253, CVE-2018-1254, DSA-2018-107, VIGILANCE-VUL-26436.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2017-15546

RSA Authentication Manager: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of RSA Authentication Manager, in order to read or alter data.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 18/01/2018.
Revision date: 24/01/2018.
Identifiers: CVE-2017-15546, ESA-2018-002, VIGILANCE-VUL-25105.

Description of the vulnerability

The RSA Authentication Manager product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of RSA Authentication Manager, in order to read or alter data.

vulnerability alert CVE-2017-10068 CVE-2017-10262 CVE-2017-10273

Oracle Fusion Middleware: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, RSA Authentication Manager.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 12.
Creation date: 17/01/2018.
Identifiers: cpujan2018, CVE-2017-10068, CVE-2017-10262, CVE-2017-10273, CVE-2018-2561, CVE-2018-2564, CVE-2018-2584, CVE-2018-2596, CVE-2018-2601, CVE-2018-2625, CVE-2018-2711, CVE-2018-2713, CVE-2018-2715, ESA-2018-003, VIGILANCE-VUL-25081.

computer vulnerability announce CVE-2017-14379

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/11/2017.
Identifiers: CVE-2017-14379, ESA-2017-152, VIGILANCE-VUL-24507.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2017-14373

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/10/2017.
Identifiers: CVE-2017-14373, ESA-2017-134, VIGILANCE-VUL-24181.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2017-8000

RSA Authentication Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/07/2017.
Identifiers: CVE-2017-8000, ESA-2017-068, VIGILANCE-VUL-23241.

Description of the vulnerability

The RSA Authentication Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of RSA Authentication Manager, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2017-8006

RSA Authentication Manager: privilege escalation via Brute Force PIN-Guessing

Synthesis of the vulnerability

An attacker can bypass restrictions via Brute Force PIN-Guessing of RSA Authentication Manager, in order to escalate his privileges.
Impacted products: RSA Authentication Manager.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 13/07/2017.
Identifiers: CVE-2017-8006, ESA-2017-084, VIGILANCE-VUL-23240.
