XML Entity Injection Vulnerability in RSA Authentication Manager versions prior to 8.4 P7

CVE-2019-3768 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying a specially crafted XML message.
