Vulnerabilities > RSA > Authentication Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-03 CVE-2019-18574 Cross-site Scripting vulnerability in multiple products
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console.
network
low complexity
rsa emc CWE-79
4.8
4.8
2019-03-13 CVE-2019-3711 RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability.
network
low complexity
emc rsa
4.0
4.0
2018-09-28 CVE-2018-11074 Cross-site Scripting vulnerability in multiple products
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files.
network
rsa emc CWE-79
4.3
4.3
2018-05-08 CVE-2018-1248 Open Redirect vulnerability in RSA Authentication Manager
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability.
network
rsa CWE-601
5.8
5.8
2018-05-08 CVE-2018-1247 XXE vulnerability in RSA Authentication Manager
RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability.
network
rsa CWE-611
5.8
5.8
2012-07-13 CVE-2012-2280 EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
network
low complexity
emc rsa
5.0
5.0
2012-07-13 CVE-2012-2279 Improper Input Validation vulnerability in multiple products
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
emc rsa CWE-20
6.4
6.4
2012-07-13 CVE-2012-2278 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc rsa CWE-79
4.3
4.3