XML Entity Injection Vulnerability in RSA Authentication Manager

by Prophaze WAF January 5, 2020

Overview :

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.

Affected Product(s) :

RSA® Authentication Manager software version 8.4 P6 and earlier

Vulnerability Details :

CVE ID :	CVE-2019-3768
	RSA Authentication Manager software contains an XML Entity Injection vulnerability associated with token distribution. CVSSv3 Base Score 6.5 Medium (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Solution :

Update to the latest version

CVE-2019-3768 RSA®

You might also like

CVE-2024-45663 : IBM DB2/DB2 CONNECT SERVER 11.1/11.5 QUERY DENIAL OF SERVICE

CVE-2024-52739 : D-LINK DI-8400 16.07.26A1 MSP_INFO_HTM CMD PRIVILEGE ESCALATION

CVE-2024-52769 : DEDEBIZ 6.3.0 FILE /ADMIN/FRIENDLINK_EDIT UNRESTRICTED UPLOAD