EMC RSA Authentication Manager CVE-2017-14379 HTML Injection Vulnerability



EMC RSA Authentication Manager is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.

RSA Authentication Manager 8.2 SP1 Patch 5 and prior are vulnerable.

Information

Bugtraq ID: 101925
Class: Input Validation Error
CVE: CVE-2017-14379

Remote: Yes
Local: No
Published: Nov 20 2017 12:00AM
Updated: Nov 20 2017 12:00AM
Credit: Nirmal Kirubakaran from eBay Penetration Testing.
Vulnerable:
    EMC RSA Authentication Manager 8.2 SP1 Patch 5
    EMC RSA Authentication Manager 8.2 SP1 Patch 4
    EMC RSA Authentication Manager 8.2 SP1 Patch 2
    EMC RSA Authentication Manager 8.2 SP1 Patch 1
    EMC RSA Authentication Manager 8.2 SP1
    EMC RSA Authentication Manager 8.2

Not Vulnerable:
    EMC RSA Authentication Manager 8.2 SP1 Patch 6


Exploit


An attacker can exploit this issue using a web browser.

