CVE-2020-5346 MEDIUM

Vendor: Dell
Product: RSA Authentication Manager
Weakness: CWE-79 (XSS)
Published: April 15, 2020
Last update: September 16, 2024

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

Key dates

02 Disclosure timeline

April 15, 2020: CVE published
September 16, 2024: Record updated