Vulnerabilities > EMC > RSA Authentication Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-25 | CVE-2017-15546 | SQL Injection vulnerability in EMC RSA Authentication Manager The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. | 4.3 |
| 2017-11-28 | CVE-2017-14379 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 5.4 |
| 2017-10-31 | CVE-2017-14373 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 6.1 |
| 2017-07-17 | CVE-2017-8006 | Improper Authentication vulnerability in EMC RSA Authentication Manager In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. | 5.9 |
| 2017-07-17 | CVE-2017-8000 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. | 4.8 |
| 2016-05-07 | CVE-2016-0902 | Unspecified vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.3 |
| 2016-05-07 | CVE-2016-0901 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | 6.1 |
| 2016-05-07 | CVE-2016-0900 | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | 6.1 |