EMC RSA Security Analytics CVE-2016-8215 Unspecified Cross Site Scripting Vulnerability

EMC RSA Security Analytics is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to RSA Security Analytics 10.6.2 are vulnerable.

Information

Bugtraq ID: 95718
Class: Input Validation Error
CVE: CVE-2016-8215

Remote: Yes
Local: No
Published: Jan 23 2017 12:00AM
Updated: May 03 2017 08:06AM
Credit: Dicky Hermansyah from MII CAS
Vulnerable: EMC RSA Security Analytics 10.6.1
EMC RSA Security Analytics 10.5.2
EMC RSA Security Analytics 10.5.1
EMC RSA Security Analytics 10.6
EMC RSA Security Analytics 10.5

Not Vulnerable: EMC RSA Security Analytics 10.6.2
EMC RSA Security Analytics 10.5.3

Exploit

An attacker can exploit these issues by enticing an unsuspecting user to visit a specially crafted URL.

References:

• EMC Homepage (EMC)
  
• ESA-2016-150: RSA Security Analytics Reflected Cross-Site Scripting Vulnerabilit (EMC)
  

Source: www.securityfocus.com