cbcvebase.

Rsa Authentication Agent For Web vulnerabilities

8 known vulnerabilities affecting rsa/authentication_agent_for_web.

Total CVEs
8
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2005-4734P3MEDIUMCVSS 6.4PoCv5.2v5.32005-12-31
CVE-2005-4734 [MEDIUM] CVE-2005-4734: Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID We Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
nvd
CVE-2017-14377P3CRITICALCVSS 9.8v8.0v8.0.12017-11-29
CVE-2017-14377 [CRITICAL] CWE-287 CVE-2017-14377: EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.
nvd
CVE-2018-1232P3HIGHCVSS 7.5≤ 8.0.12018-03-30
CVE-2018-1232 [HIGH] CWE-787 CVE-2018-1232: RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are im RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.
nvd
CVE-2005-3329P4MEDIUMCVSS 4.3PoC≤ 5.3v5.1+2 more2005-10-27
CVE-2005-3329 [MEDIUM] CVE-2005-3329: Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
nvd
CVE-2005-1118P4MEDIUMCVSS 4.3PoCv5.22005-04-14
CVE-2005-1118 [MEDIUM] CVE-2005-1118: Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for We Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.
nvd
CVE-2018-1234P4MEDIUMCVSS 5.5≤ 8.0.12018-03-30
CVE-2018-1234 [MEDIUM] CWE-200 CVE-2018-1234: RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where ac RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication
nvd
CVE-2010-3261P4MEDIUMCVSS 5.0≤ 7.0v5.1+3 more2010-09-24
CVE-2010-3261 [MEDIUM] CWE-22 CVE-2010-3261: Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote at Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.
nvd
CVE-2018-1233P4MEDIUMCVSS 6.1≤ 8.0.12018-03-30
CVE-2018-1233 [MEDIUM] CWE-79 CVE-2018-1233: RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are af RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.
nvd
Rsa Authentication Agent For Web vulnerabilities | cvebase