AnsweredAssumed Answered

Vulnerability version question 8.3 P1

Question asked by Kevin Marshman on Jun 11, 2018
Latest reply on Jun 11, 2018 by George Spagnoli
  • Comment1

DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities  

This notification just came out and has a conflicting statement about the version(s) affected.  I have pasted and highlighted the differences in red below.

Please advise as to which one is accurate.

 

Affected Products:

RSA Authentication Manager versions prior to 8.3 P1...

 

Details:
• Stored cross-site scripting vulnerability (CVE-2018-1253)
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier...

 

and


• Reflected cross-site scripting vulnerability (CVE-2018-1254)
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier...

 

Recommendation:
The following RSA Authentication Manager release contains resolutions to these vulnerabilities:
• RSA Authentication Manager version 8.3 P1 and later

George Spagnoli
George Spagnoli Employee Jun 11, 2018 1:49 PM
Correct Answer

Patch 1 corrects the issues.

The advisory has been updated.

See the reply in context
4 people also had this question

Outcomes

    Visibility: RSA SecurID Access469 Views
    Last modified on Jun 11, 2018 12:10 PM
    Ratings: