Vulnerability CVE-2008-7266


Published: 2010-11-26   Modified: 2012-02-12

Description:
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

See advisories in our WLB2 database:
Topic
Author
Date
Low
RSAR Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Cross-site Scripting Vulnerability
Nir Goldshlager
30.11.2010

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: RSA
Product: Adaptive authentication 
Version:
5.7.3
5.7.2
5.7.0
2.0

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/archive/1/514869/100/0/threaded
http://www.securitytracker.com/id?1024775
http://www.vupen.com/english/advisories/2010/3055
https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8192

Related CVE
CVE-2019-3756
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3739
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA key...
CVE-2019-3738
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same pre...
CVE-2019-3716
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may ob...
CVE-2019-3715
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the ex...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrat...
CVE-2018-15782
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick s...
CVE-2018-11075
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially ...

Copyright 2019, cxsecurity.com

 

Back to Top