[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

EMC Identifier: ESA-2016-092

CVE Identifier: CVE-2016-0919

Severity Rating: CVSS v3 Base Score:  7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Affected Products:
·   RSA Web Threat Detection version 5.0 
·   RSA Web Threat Detection version 5.1
·   RSA Web Threat Detection version 5.1.2

Summary: 
RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:  
RSA Web Threat Detection is affected by a Stored Cross-Site Scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or Javascript code in the user?s browser session in the context of the RSA Web Threat Detection application.

Recommendation: 
The following RSA Web Threat Detection releases contain a resolution to this vulnerability:      
·   RSA Web Threat Detection version 5.0 HF20
·   RSA Web Threat Detection version 6.0

RSA recommends all customers upgrade at the earliest opportunity. 
 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYiiFpAAoJEHbcu+fsE81ZQ2sH/i0IiwYdP6bqfWQDQXvzuQOb
9qsKaZlm0oN8cPol43YnuqnGzZDerHtwkF1UWwgISNk1l7226peO0iBieB1humg9
xlBJQpCQtpinQshz4HJVEtfL3xprbq44V8Vyz76mNaEqQz67pYnqlkUH0h0lLLpm
fjIXZpAYtRrfBUL1S9qrYfpyuXi1hozlrOIM/JsTWk6iLrd8AEIVChPs4qQucvRY
tslePzE2pAfALsVES6rDH6CWdO7+mMC1E2+eL71zk8VQW7q8Il8brrN7zXaFWP4x
OVgIsxU2+iP1irpjlZ/vwxtYm4nfvER+QnGGkAYWTJ0DKekNI6EmK90oCdeyBfs=
=U3El
-----END PGP SIGNATURE-----