#VU12369 XXE attack in RSA Authentication Manager
Vulnerability identifier: #VU12369
Vulnerability risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-611
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
RSA Authentication Manager
Web applications /
Remote management & hosting panels
Vendor: RSA
Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and cause DoS condition on the target system.
The weakness exists due to improper restrictions of XML External Entity (XXE) references. A remote attacker can supply specially crafted XML External Entity (XXE) data to the target interface, read files with the privileges of the target service or cause the service to crash.
Mitigation
Update to version 8.3 P1.
Vulnerable software versions
RSA Authentication Manager: 8.0 - 8.2 SP1 Patch 7
External links
http://seclists.org/fulldisclosure/2018/May/18
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
