SB2020041526 - Cross-site scripting in RSA Authentication Manager




Published: April 15, 2020
Updated: May 17, 2025

Security Bulletin ID: SB2020041526
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Cross-site scripting (CVE-ID: CVE-2020-5346)

The vulnerability allows a remote privileged user to read and manipulate data.

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.


Remediation

Install the update from the vendor's website.