RSA Authentication Manager update for third-party components

1) Code Injection

EUVDB-ID: #VU95339

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6345

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU98648

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21217

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU98645

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21210

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU98644

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21235

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU98636

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21260

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU98635

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21234

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU98634

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21215

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU98627

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-21216

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU96825

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20505

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the PDF file parser. A remote attacker can pass a specially crafted PDF file to the antivirus, trigger an out-of-bounds read error and crash the antivirus engine.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU94326

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52885

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU94203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40910

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU96493

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU94432

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48805

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource exhaustion

EUVDB-ID: #VU84507

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-47108

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to grpc Unary Server Interceptor does not properly control consumption of internal resources when processing multiple requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource exhaustion

EUVDB-ID: #VU83546

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-45142

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RSA Authentication Manager: 8.7 SP2 - 8.7 SP2 Patch 4

CPE2.3

• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 1:*:*:*:*:*:*
• cpe:2.3:a:rsa:rsa_authentication_manager:8.7:SP2 Patch 2:*:*:*:*:*:*

External links

https://community.rsa.com/s/article/RSA-2024-12-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.