DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities
This notification just came out and has a conflicting statement about the version(s) affected. I have pasted and highlighted the differences in red below.
Please advise as to which one is accurate.
Affected Products:
RSA Authentication Manager versions prior to 8.3 P1...
Details:
• Stored cross-site scripting vulnerability (CVE-2018-1253)
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier...
and
• Reflected cross-site scripting vulnerability (CVE-2018-1254)
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier...
Recommendation:
The following RSA Authentication Manager release contains resolutions to these vulnerabilities:
• RSA Authentication Manager version 8.3 P1 and later
Patch 1 corrects the issues.
The advisory has been updated.