RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.
Max CVSS
5.8
EPSS Score
0.22%
Published
2018-09-28
Updated
2020-03-27
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.
Max CVSS
8.8
EPSS Score
0.23%
Published
2017-07-07
Updated
2017-07-17
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.
Max CVSS
6.1
EPSS Score
0.08%
Published
2016-09-18
Updated
2016-11-28
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
Max CVSS
8.8
EPSS Score
1.08%
Published
2016-04-20
Updated
2018-10-09
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
Max CVSS
6.8
EPSS Score
0.10%
Published
2015-08-20
Updated
2016-11-28
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
Max CVSS
6.8
EPSS Score
0.16%
Published
2015-08-20
Updated
2017-09-21
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
Max CVSS
6.8
EPSS Score
0.16%
Published
2015-01-07
Updated
2016-12-07
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
Max CVSS
6.8
EPSS Score
0.21%
Published
2014-08-20
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
Max CVSS
6.8
EPSS Score
0.16%
Published
2014-08-20
Updated
2017-08-29
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard.
Max CVSS
6.8
EPSS Score
0.23%
Published
2013-11-21
Updated
2015-07-22
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.
Max CVSS
6.8
EPSS Score
0.09%
Published
2012-12-05
Updated
2012-12-05
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!