AnsweredAssumed Answered

Vulnerability version question 8.3 P1

Question asked by KEVIN MARSHMAN on Jun 11, 2018
Latest reply on Jun 11, 2018 by George Spagnoli

DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities  

This notification just came out and has a conflicting statement about the version(s) affected.  I have pasted and highlighted the differences in red below.

Please advise as to which one is accurate.

 

Affected Products:

RSA Authentication Manager versions prior to 8.3 P1...

 

Details:
• Stored cross-site scripting vulnerability (CVE-2018-1253)
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier...

 

and


• Reflected cross-site scripting vulnerability (CVE-2018-1254)
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier...

 

Recommendation:
The following RSA Authentication Manager release contains resolutions to these vulnerabilities:
• RSA Authentication Manager version 8.3 P1 and later

Outcomes