ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

EMC Identifier: ESA-2016-092

CVE Identifier: CVE-2016-0919

Severity Rating: CVSS v3 Base Score:  7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Affected Products:
·   RSA Web Threat Detection version 5.0 
·   RSA Web Threat Detection version 5.1
·   RSA Web Threat Detection version 5.1.2

Summary: 
RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:  
RSA Web Threat Detection is affected by a Stored Cross-Site Scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or Javascript code in the user’s browser session in the context of the RSA Web Threat Detection application.

Recommendation: 
The following RSA Web Threat Detection releases contain a resolution to this vulnerability:      
·   RSA Web Threat Detection version 5.0 HF20
·   RSA Web Threat Detection version 6.0

RSA recommends all customers upgrade at the earliest opportunity.