CVE-2019-3768 - XXE vulnerability in EMC RSA Authentication Manager
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying a specially crafted XML message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://www.dell.com/support/security/en-us/details/DOC-108320/DSA-2019-148-RSA®%3B-Authentication-Manager-Software-XML-Entity-Injection-Vulnerability