The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Jan/81 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1040268 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/102838 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-01-24 19:29
Updated : 2018-02-15 05:26
NVD link : CVE-2017-15546
Mitre link : CVE-2017-15546
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
emc
- rsa_authentication_manager