ID:6207 - Exploit for XXE attack in RSA Authentication Manager - CVE-2018-1247
Published: June 17, 2021
Vulnerability identifier: #VU12369
Vulnerability risk: Low
CVE-ID: CVE-2018-1247
CWE-ID: CWE-611
Exploitation vector: Remote access
Vulnerable software:
RSA Authentication Manager
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and cause a DoS condition on the target system.
The weakness exists due to improper restriction of XML External Entity (XXE) references. A remote attacker can supply specially crafted XML External Entity (XXE) data to the target interface and read files with the privileges of the target service or cause the service to crash.
Remediation
Update to version 8.3 P1.