BugTraq
ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability Jan 26 2017 05:49PM
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

EMC Identifier: ESA-2016-092

CVE Identifier: CVE-2016-0919

Severity Rating: CVSS v3 Base Score: 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Affected Products:

· RSA Web Threat Detection version 5.0

· RSA Web Threat Detection version 5.1

· RSA Web Threat Detection version 5.1.2

Summary:

RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:

RSA Web Threat Detection is affected by a Stored Cross-Site Scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or Javascript code in the user?s browser session in the context of the RSA Web Threat Detection application.

Recommendation:

The following RSA Web Threat Detection releases contain a resolution to this vulnerability:

· RSA Web Threat Detection version 5.0 HF20

· RSA Web Threat Detection version 6.0

RSA recommends all customers upgrade at the earliest opportunity.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

iQEcBAEBCAAGBQJYiiFpAAoJEHbcu+fsE81ZQ2sH/i0IiwYdP6bqfWQDQXvzuQOb

9qsKaZlm0oN8cPol43YnuqnGzZDerHtwkF1UWwgISNk1l7226peO0iBieB1humg9

xlBJQpCQtpinQshz4HJVEtfL3xprbq44V8Vyz76mNaEqQz67pYnqlkUH0h0lLLpm

fjIXZpAYtRrfBUL1S9qrYfpyuXi1hozlrOIM/JsTWk6iLrd8AEIVChPs4qQucvRY

tslePzE2pAfALsVES6rDH6CWdO7+mMC1E2+eL71zk8VQW7q8Il8brrN7zXaFWP4x

OVgIsxU2+iP1irpjlZ/vwxtYm4nfvER+QnGGkAYWTJ0DKekNI6EmK90oCdeyBfs=

=U3El

-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus