CVE-2019-3711
CVE-2019-3711 is a medium-severity vulnerability in Emc Rsa Authentication Manager with a CVSS 3.x base score of 5.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 5.8)
- CVSS v2: 4.0
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Emc Rsa Authentication Manager
- Published:
- Last modified:
Description
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.
Frequently asked questions
- What is CVE-2019-3711?
- RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.
- How severe is CVE-2019-3711?
- CVE-2019-3711 has a CVSS 3.x base score of 5.8, rated medium severity. It is exploitable over network with high attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2019-3711 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-3711?
- CVE-2019-3711 primarily affects Emc Rsa Authentication Manager. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2019-3711?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2019-3711 published?
- CVE-2019-3711 was published on 2019-03-13 and last updated on 2026-06-17.
References
Affected products (2)
- cpe:2.3:a:emc:rsa_authentication_manager:8.4:-:*:*:*:*:*:*
- cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*:*
More vulnerabilities in Emc Rsa Authentication Manager
- CVE-2019-3768 — Medium (CVSS 6.5): RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote…
- CVE-2018-11073 — Medium (CVSS 6.5): RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the…
- CVE-2012-2279 — Medium (CVSS 6.4): Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA…
- CVE-2018-11074 — Medium (CVSS 6.1): RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability…
- CVE-2018-1254 — Medium (CVSS 6.1): RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting…
- CVE-2018-1253 — Medium (CVSS 6.1): RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting…