Overview :
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to disclose local system files by supplying a specially crafted XML message.
Affected Product(s) :
  • RSA® Authentication Manager software version 8.4 P6 and earlier
Vulnerability Details :
CVE ID : CVE-2019-3768

RSA Authentication Manager software contains an XML Entity Injection vulnerability associated with token distribution.

CVSSv3 Base Score 6.5 Medium (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Solution :

Update to the latest version.