CVE-2019-3768: XEE
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying a specially crafted XML message.
Frequently Asked Questions
What is CVE-2019-3768?
CVE-2019-3768 is an XML Entity Injection Vulnerability in RSA Authentication Manager versions prior to 8.4 P7.
How does CVE-2019-3768 affect EMC RSA Authentication Manager?
CVE-2019-3768 affects EMC RSA Authentication Manager versions prior to 8.4 P7 and can be exploited by a remote authenticated malicious user to cause information disclosure of local system files.
What is the severity level of CVE-2019-3768?
CVE-2019-3768 has a severity level of 6.5, which is considered medium.
How can I fix CVE-2019-3768?
To fix CVE-2019-3768, update RSA Authentication Manager to version 8.4 P7 or later.
Where can I find more information about CVE-2019-3768?
More information about CVE-2019-3768 can be found at the following link: [RSA Authentication Manager Software XML Entity Injection Vulnerability](https://www.dell.com/support/security/en-us/details/DOC-108320/DSA-2019-148-RSA-AUTHENTICATION-MANAGER-SOFTWARE-XML-ENTITY-INJECTION-VULNERABILITY).