Multiple vulnerabilities in RSA Authentication Manager



Published: 2018-05-07
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2018-1247, CVE-2018-1248
CWE-ID: CWE-611, CWE-113
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: RSA Authentication Manager (Web applications / Remote management & hosting panels)
Vendor: RSA

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) XXE attack

EUVDB-ID: #VU12369

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1247

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and cause a denial-of-service (DoS) condition on the target system.

The weakness exists due to improper restriction of XML External Entity (XXE) references. By supplying specially crafted XML containing external entity references to the target interface, a remote attacker can read files with the privileges of the target service or cause the service to crash.

Mitigation

Update to version 8.3 P1.

Vulnerable software versions

RSA Authentication Manager: 8.0 - 8.2 SP1 Patch 7

External links

http://seclists.org/fulldisclosure/2018/May/18


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) HTTP response splitting

EUVDB-ID: #VU12370

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1248

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to improper handling of HTTP requests. A remote attacker can trick the victim into opening a specially crafted URL, conduct an HTTP header injection attack and poison any intermediate web caches with arbitrary content.
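For detection on unpatched systems, the following added example (not part of the original bulletin or of RSA's code) scans web access logs for request targets that decode to a CR or LF character, the precondition for CWE-113 header injection through a crafted URL. It assumes Common Log Format; the bulletin does not name the affected parameter, so the paths and parameters in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

_LINE_BREAK = re.compile(r"[\r\n]")
MAX_DECODE_ROUNDS = 3  # catches double and triple percent-encoding


def crlf_in_target(target: str) -> bool:
    """Return True if the request target decodes to a string holding CR or LF."""
    current = target
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if _LINE_BREAK.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:  # fully decoded, nothing left to peel
            return False
        current = decoded
    return False


# Common Log Format request field: "METHOD target HTTP/x.y"
_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def flag_log_lines(lines):
    """Yield (line_number, target) for each log line whose target carries CR/LF."""
    for number, line in enumerate(lines, start=1):
        match = _REQUEST.search(line)
        if match and crlf_in_target(match.group("target")):
            yield number, match.group("target")


# Constructed sample lines; hosts, paths and parameters are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/May/2018:10:00:01 +0000] "GET /app/home?lang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/May/2018:10:00:02 +0000] "GET /app/go?next=%0d%0aX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [07/May/2018:10:00:03 +0000] "GET /app/go?next=%250D%250AX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.13 - - [07/May/2018:10:00:04 +0000] "GET /app/search?q=100%25+safe HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, target in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: CR/LF in request target {target}")
```

The repeated decoding matters because a proxy or framework in front of the application may decode the URL once before the application decodes it again.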

Mitigation

Update to version 8.3 P1.

Vulnerable software versions

RSA Authentication Manager: 8.0 - 8.2 SP1 Patch 7

External links

http://seclists.org/fulldisclosure/2018/May/18


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


