CVE-2018-15782

HIGH

RSA Authentication Manager < 8.4 - Path Traversal via Quick Setup License

Title source: llm
STIX 2.1

Description

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

References (1)

Core 1
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
https://seclists.org/fulldisclosure/2019/Jan/18

Scores

CVSS v3 7.7
EPSS 0.0042
EPSS Percentile 34.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
rsa/authentication_manager < 8.4
Published Jan 16, 2019
Tracked Since Feb 18, 2026