Synopsis
An application running on the remote host is affected by multiple vulnerabilities.
Description
The version of EMC RSA Authentication Manager running on the remote host is prior to 8.3 Patch 1 (184.108.40.206). It is, therefore, affected by the following vulnerabilities:
- A flaw exists in the Security Console due to improper parsing of XML data. An authenticated remote attacker, using specially crafted XML data, could potentially cause a denial of service or access sensitive information. (CVE-2018-1247)
- A flaw exists in the Security Console, Operation Console and Self-Service Console due to improper sanitization of input when handling specially crafted requests. A context-dependent attacker could inject custom HTTP headers, potentially poisoning the HTTP cache and redirecting users. (CVE-2018-1248)
Solution
Upgrade to EMC RSA Authentication Manager version 8.3 Patch 1 (220.127.116.11) or later.