#VU12369 XXE attack in RSA Authentication Manager - CVE-2018-1247
Published: May 7, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU12369
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-1247
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: RSA Authentication Manager
Software vendor: RSA
Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and cause a DoS condition on the target system.
The weakness exists due to improper restriction of XML External Entity (XXE) references when XML input is parsed. A remote authenticated attacker can submit specially crafted XML data containing external entity references to the target interface and read files with the privileges of the target service or cause the service to crash.
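To illustrate the CWE-611 weakness class described above (and the defensive control that removes it), here is an added example in Python using only the standard library's expat binding. It is not RSA's code and says nothing about how RSA Authentication Manager parses XML; the sample documents, element names and the `file:///placeholder/path` URI are constructed for illustration. The hardened parser aborts as soon as a DOCTYPE, entity declaration or external entity reference appears, which closes both the file-read and the entity-expansion DoS paths, while ordinary documents still parse.

```python
"""Hardened XML parsing that refuses the DTD constructs XXE depends on.

Added example (not RSA's code). Standard library only (pyexpat), so it runs
offline. All sample documents below are constructed for illustration.
"""
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when a document carries a DOCTYPE, entity declaration or external reference."""


def contains_dtd(xml_bytes: bytes) -> bool:
    """Cheap pre-parse screen for logging/alerting.

    Entities can only be declared inside a DOCTYPE, so its presence in a
    request body is a strong signal. This is a heuristic (it ignores
    encodings such as UTF-16), so it complements, not replaces, parse_hardened().
    """
    upper = xml_bytes.upper()
    return b"<!DOCTYPE" in upper or b"<!ENTITY" in upper


def parse_hardened(xml_bytes: bytes) -> dict:
    """Parse XML while rejecting every DTD construct an XXE payload needs.

    Returns a mapping of element path -> text for elements that carry text,
    e.g. {"request/user": "alice"}, which is enough to show benign input works.
    """
    parser = xml.parsers.expat.ParserCreate()
    result = {}
    stack = []  # [element name, list of text chunks] per open element

    def reject(*_args):
        # Raising inside an expat handler aborts Parse() and propagates here.
        raise UnsafeXMLError("DTD / entity constructs are not allowed")

    # Any DOCTYPE, internal or unparsed entity declaration, or external entity
    # reference aborts parsing before any entity can be resolved or expanded.
    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.UnparsedEntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject

    def start(name, attrs):
        stack.append([name, []])

    def end(name):
        elem_name, chunks = stack.pop()
        text = "".join(chunks).strip()
        if text:
            parents = "/".join(n for n, _ in stack)
            result[f"{parents}/{elem_name}" if parents else elem_name] = text

    def chars(data):
        # expat may deliver one text node in several chunks; accumulate them.
        stack[-1][1].append(data)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_bytes, True)
    return result


def classify(xml_bytes: bytes):
    """Return ("ok", parsed_dict) or ("rejected", reason) for a request body."""
    try:
        return "ok", parse_hardened(xml_bytes)
    except UnsafeXMLError as exc:
        return "rejected", str(exc)


# Constructed samples: a benign request, an XXE-style document declaring an
# external entity (placeholder URI), and a document with nested internal
# entities of the kind used for expansion-based DoS.
BENIGN = b'<?xml version="1.0"?><request><user>alice</user><token>123456</token></request>'
XXE_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE request [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
    b"<request><user>&ext;</user></request>"
)
INTERNAL_ENTITY_SAMPLE = (
    b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]><r>&b;</r>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE_SAMPLE), ("internal", INTERNAL_ENTITY_SAMPLE)):
        print(label, "dtd_seen=%s" % contains_dtd(doc), classify(doc))
```

The two layers serve different purposes: `contains_dtd` is cheap enough to run on every request for detection and logging, while `parse_hardened` is the actual control, because it fails closed inside the parser rather than relying on string matching. Parsers that already expose an equivalent switch (disallowing DOCTYPE, or disabling external general and parameter entities) should use that switch instead of a wrapper like this.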
Remediation
Update to version 8.3 P1.