cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25066,https://securityvulnerability.io/vulnerability/CVE-2024-25066,XML External Entity Vulnerability in RSA Authentication Manager,"The RSA Authentication Manager prior to version 8.7 SP2 Patch 1 is susceptible to XML External Entity (XXE) attacks. This vulnerability allows an attacker to manipulate license files in a way that permits unauthorized access to files on the server hosting the product. Although data exfiltration is not possible, the presence of attacker-controlled files can lead to potential unauthorized information exposure and integrity issues, posing serious risks to the overall security posture of the affected systems.",Rsa,Authentication Manager,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-02-17T00:00:00.000Z,0
CVE-2018-11075,https://securityvulnerability.io/vulnerability/CVE-2018-11075,DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities,"RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.",Rsa,Authentication Manager,5.8,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2018-09-28T18:29:00.000Z,0
CVE-2018-11073,https://securityvulnerability.io/vulnerability/CVE-2018-11073,DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities,"RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",Rsa,Authentication Manager,6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2018-09-28T18:29:00.000Z,0
CVE-2018-11074,https://securityvulnerability.io/vulnerability/CVE-2018-11074,DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities,"RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.",Rsa,Authentication Manager,6.1,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2018-09-28T18:29:00.000Z,0
CVE-2018-1254,https://securityvulnerability.io/vulnerability/CVE-2018-1254,,"RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.",Rsa,Rsa Authentication Manager,6.1,MEDIUM,0.0011399999493733048,false,,false,false,false,,,false,false,,2018-06-21T15:29:00.000Z,0
CVE-2018-1253,https://securityvulnerability.io/vulnerability/CVE-2018-1253,Stored cross-site scripting vulnerability,"RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",Rsa,Authentication Manager,6.5,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2018-06-21T15:29:00.000Z,0
CVE-2013-3273,https://securityvulnerability.io/vulnerability/CVE-2013-3273,,"EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.",Rsa,"Authentication Manager,Rsa Authentication Manager",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-07-08T20:55:00.000Z,0
CVE-2013-0947,https://securityvulnerability.io/vulnerability/CVE-2013-0947,,"EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.",Rsa,Authentication Manager,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-06-07T20:55:00.000Z,0
CVE-2012-2279,https://securityvulnerability.io/vulnerability/CVE-2012-2279,,Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,Rsa,"Authentication Manager,Rsa Authentication Manager",,,0.0020000000949949026,false,,false,false,false,,,false,false,,2012-07-13T21:00:00.000Z,0
CVE-2012-2278,https://securityvulnerability.io/vulnerability/CVE-2012-2278,,Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Rsa,"Authentication Manager,Rsa Authentication Manager",,,0.0012199999764561653,false,,false,false,false,,,false,false,,2012-07-13T21:00:00.000Z,0
CVE-2012-2280,https://securityvulnerability.io/vulnerability/CVE-2012-2280,,"EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a ""Cross frame scripting vulnerability.""",Rsa,"Authentication Manager,Rsa Authentication Manager",,,0.0013099999632686377,false,,false,false,false,,,false,false,,2012-07-13T21:00:00.000Z,0