Authentication manager

This hub aggregates every CVE we track for Authentication manager, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Authentication manager.

• CVE-2024-25066RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfi...4.3Feb 17, 2025
• CVE-2019-18574RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit th...4.8Dec 3, 2019
• CVE-2019-3711DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability5.8Mar 13, 2019
• CVE-2018-15782DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability7.7Jan 16, 2019
• CVE-2018-11074DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities6.1Sep 28, 2018
• CVE-2018-11073DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities6.5Sep 28, 2018
• CVE-2018-11075DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities5.8Sep 28, 2018
• CVE-2018-1253Stored cross-site scripting vulnerability6.1Jun 21, 2018
• CVE-2018-1247RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or ex...7.1May 8, 2018
• CVE-2018-1248RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote att...6.1May 8, 2018
• CVE-2013-3273EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, whi...2.1Jul 8, 2013
• CVE-2013-0947EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2)...2.1Jun 7, 2013
• CVE-2012-2280EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via u...5.0Jul 13, 2012
• CVE-2012-2279Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to ar...6.4Jul 13, 2012
• CVE-2012-2278Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 befor...4.3Jul 13, 2012