ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

From: EMC Product Security Response Center <Security_Alert@emc.com>
To: 'bugtraq@securityfocus.com' <bugtraq@securityfocus.com>,DM@securityfocus.com <DM@securityfocus.com>
Cc:
Subject: ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability
Date:

Attachments:
ESA-2016-092.txt



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2016-092: RSA Web Threat Detection Cross Site Scripting Vulnerability

EMC Identifier: ESA-2016-092

CVE Identifier: CVE-2016-0919

Severity Rating: CVSS v3 Base Score:  7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Affected Products:
   RSA Web Threat Detection version 5.0 
   RSA Web Threat Detection version 5.1
   RSA Web Threat Detection version 5.1.2

Summary: 
RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:  
RSA Web Threat Detection is affected by a Stored Cross-Site Scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or Javascript code in the users browser session in the context of the RSA Web Threat Detection application.

Recommendation: 
The following RSA Web Threat Detection releases contain a resolution to this vulnerability:      
   RSA Web Threat Detection version 5.0 HF20
   RSA Web Threat Detection version 6.0

RSA recommends all customers upgrade at the earliest opportunity. 
 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYiiFpAAoJEHbcu+fsE81ZQ2sH/i0IiwYdP6bqfWQDQXvzuQOb
9qsKaZlm0oN8cPol43YnuqnGzZDerHtwkF1UWwgISNk1l7226peO0iBieB1humg9
xlBJQpCQtpinQshz4HJVEtfL3xprbq44V8Vyz76mNaEqQz67pYnqlkUH0h0lLLpm
fjIXZpAYtRrfBUL1S9qrYfpyuXi1hozlrOIM/JsTWk6iLrd8AEIVChPs4qQucvRY
tslePzE2pAfALsVES6rDH6CWdO7+mMC1E2+eL71zk8VQW7q8Il8brrN7zXaFWP4x
OVgIsxU2+iP1irpjlZ/vwxtYm4nfvER+QnGGkAYWTJ0DKekNI6EmK90oCdeyBfs=
=U3El
-----END PGP SIGNATURE-----




Copyright © 1995-2018 LinuxRocket.net. All rights reserved.