cvelistv5 - cve-2017-8004

CVE-2017-8004 (GCVE-0-2017-8004)

Vulnerability from cvelistv5 – Published: 2017-07-17 14:00 – Updated: 2024-08-05 16:19

Summary

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.

Severity ?

No CVSS data available.

CWE

unrestricted file upload

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1038877	vdb-entryx_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2017/Jul/24	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99591	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)	Affected: RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038877",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
          },
          {
            "name": "99591",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unrestricted file upload",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-18T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1038877",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
        },
        {
          "name": "99591",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99591"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unrestricted file upload"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038877",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038877"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
            },
            {
              "name": "99591",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99591"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8004",
    "datePublished": "2017-07-17T14:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD65ECE7-AEC0-4996-AA77-A1394CD10E55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C66E2A38-220A-4417-882A-3D12B98F6F31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2ED5260-0321-47F7-9637-8E5A10BACCB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A348908-0266-45AA-9D4E-88CAA301B6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5288389E-1322-4441-A295-045E38B22D11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8784E8C-B027-446D-92E3-E1FF3CA90BA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7911EFFA-376A-4BF2-8FF4-3F773820DF8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E085B6-20D0-44D8-BE5F-A93095619076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06F28360-E854-459B-810E-116000656DD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CB4F747-283D-4C55-9AC1-2BAE838A53E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DADF9632-E0A8-44F7-8995-93DB5688629E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDC40E49-B24F-48E2-A952-B368F1821AF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1DADC80-FB42-466A-9411-C1591570CFBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D706444-C2CC-4AA6-83B9-1D2145226B79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09E913D0-CF21-431F-800D-DFC30B3C5485\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E328640-2653-45FB-943B-5694813C380F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FA58360-4AC1-489D-BAD1-D25B162555BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"819D0E33-9C21-4482-9F5C-8F7E3261D7E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF97A4FA-A118-4603-B0CB-B8DC78D8AE46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E086173-5575-4CDE-A289-98E16CFD2E79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5FD8890-0E9F-46AD-9414-4B7B32102786\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A52C830-8381-4182-9BB0-4DC4EFD482CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB75A283-EA87-4937-89CB-499AA9E1C6E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD73332D-C5F1-414A-9849-071F52A635AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"015FEE26-3158-4C89-A7E0-7ABAE87AE769\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73001754-E19F-40DF-95EF-7BE802365DA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BD8248E-6DF0-4D83-B048-11168A74AA95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1ED2552E-20B5-4A96-AB45-EDE8C9CDD346\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDB09176-507F-4A9E-A316-561BE6D7725F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3D8C9C5-613A-4B7F-9654-1D11C08F166F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0F5A118-16A6-42A7-A804-F0974E30AC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"964AEB79-478C-44A7-B17A-787ED1EE5CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBBE6361-CD6C-4B18-9D99-849A67081A43\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.\"}, {\"lang\": \"es\", \"value\": \"Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), permiten a un administrador de aplicaci\\u00f3n cargar archivos arbitrarios que potencialmente contengan un c\\u00f3digo malicioso. El archivo malicioso podr\\u00eda ser luego ejecutado en el sistema afectado con los privilegios del usuario bajo el que se ejecuta la aplicaci\\u00f3n.\"}]",
      "id": "CVE-2017-8004",
      "lastModified": "2024-11-21T03:33:08.660",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-17T14:29:01.140",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2017/Jul/24\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99591\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038877\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2017/Jul/24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8004\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-07-17T14:29:01.140\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.\"},{\"lang\":\"es\",\"value\":\"Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), permiten a un administrador de aplicaci\u00f3n cargar archivos arbitrarios que potencialmente contengan un c\u00f3digo malicioso. El archivo malicioso podr\u00eda ser luego ejecutado en el sistema afectado con los privilegios del usuario bajo el que se ejecuta la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD65ECE7-AEC0-4996-AA77-A1394CD10E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66E2A38-220A-4417-882A-3D12B98F6F31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2ED5260-0321-47F7-9637-8E5A10BACCB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A348908-0266-45AA-9D4E-88CAA301B6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5288389E-1322-4441-A295-045E38B22D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8784E8C-B027-446D-92E3-E1FF3CA90BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7911EFFA-376A-4BF2-8FF4-3F773820DF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E085B6-20D0-44D8-BE5F-A93095619076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F28360-E854-459B-810E-116000656DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CB4F747-283D-4C55-9AC1-2BAE838A53E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DADF9632-E0A8-44F7-8995-93DB5688629E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC40E49-B24F-48E2-A952-B368F1821AF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1DADC80-FB42-466A-9411-C1591570CFBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D706444-C2CC-4AA6-83B9-1D2145226B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E913D0-CF21-431F-800D-DFC30B3C5485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E328640-2653-45FB-943B-5694813C380F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA58360-4AC1-489D-BAD1-D25B162555BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"819D0E33-9C21-4482-9F5C-8F7E3261D7E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF97A4FA-A118-4603-B0CB-B8DC78D8AE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E086173-5575-4CDE-A289-98E16CFD2E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5FD8890-0E9F-46AD-9414-4B7B32102786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A52C830-8381-4182-9BB0-4DC4EFD482CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB75A283-EA87-4937-89CB-499AA9E1C6E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD73332D-C5F1-414A-9849-071F52A635AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"015FEE26-3158-4C89-A7E0-7ABAE87AE769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73001754-E19F-40DF-95EF-7BE802365DA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD8248E-6DF0-4D83-B048-11168A74AA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ED2552E-20B5-4A96-AB45-EDE8C9CDD346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB09176-507F-4A9E-A316-561BE6D7725F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D8C9C5-613A-4B7F-9654-1D11C08F166F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F5A118-16A6-42A7-A804-F0974E30AC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964AEB79-478C-44A7-B17A-787ED1EE5CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBBE6361-CD6C-4B18-9D99-849A67081A43\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/24\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99591\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038877\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2017-8004

Vulnerability from fkie_nvd - Published: 2017-07-17 14:29 - Updated: 2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security_alert@emc.com	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
emc	rsa_identity_governance_and_lifecycle	7.0.1
emc	rsa_identity_governance_and_lifecycle	7.0.1.1
emc	rsa_identity_governance_and_lifecycle	7.0.1.2
emc	rsa_identity_governance_and_lifecycle	7.0.1.3
emc	rsa_identity_governance_and_lifecycle	7.0.2
emc	rsa_identity_governance_and_lifecycle	7.0.2.1
emc	rsa_identity_management_and_governance	6.9.1
emc	rsa_identity_management_and_governance	6.9.1.1
emc	rsa_identity_management_and_governance	6.9.1.2
emc	rsa_identity_management_and_governance	6.9.1.3
emc	rsa_identity_management_and_governance	6.9.1.4
emc	rsa_identity_management_and_governance	6.9.1.5
emc	rsa_identity_management_and_governance	6.9.1.6
emc	rsa_identity_management_and_governance	6.9.1.7
emc	rsa_identity_management_and_governance	6.9.1.8
emc	rsa_identity_management_and_governance	6.9.1.9
emc	rsa_identity_management_and_governance	6.9.1.10
emc	rsa_identity_management_and_governance	6.9.1.11
emc	rsa_identity_management_and_governance	6.9.1.12
emc	rsa_identity_management_and_governance	6.9.1.13
emc	rsa_identity_management_and_governance	6.9.1.14
emc	rsa_identity_management_and_governance	6.9.1.15
emc	rsa_identity_management_and_governance	6.9.1.16
emc	rsa_identity_management_and_governance	6.9.1.17
emc	rsa_identity_management_and_governance	6.9.1.18
emc	rsa_identity_management_and_governance	6.9.1.19
emc	rsa_identity_management_and_governance	6.9.1.20
emc	rsa_identity_management_and_governance	6.9.1.21
emc	rsa_identity_management_and_governance	6.9.1.22
emc	rsa_identity_management_and_governance	6.9.1.23
emc	rsa_identity_management_and_governance	6.9.1.24
rsa	rsa_via_lifecycle_and_governance	7.0
rsa	rsa_via_lifecycle_and_governance	7.0.0.1
rsa	rsa_via_lifecycle_and_governance	7.0.0.2
rsa	rsa_via_lifecycle_and_governance	7.0.0.3
rsa	rsa_via_lifecycle_and_governance	7.0.0.4
rsa	rsa_via_lifecycle_and_governance	7.0.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD65ECE7-AEC0-4996-AA77-A1394CD10E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66E2A38-220A-4417-882A-3D12B98F6F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2ED5260-0321-47F7-9637-8E5A10BACCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A348908-0266-45AA-9D4E-88CAA301B6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5288389E-1322-4441-A295-045E38B22D11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8784E8C-B027-446D-92E3-E1FF3CA90BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7911EFFA-376A-4BF2-8FF4-3F773820DF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E085B6-20D0-44D8-BE5F-A93095619076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F28360-E854-459B-810E-116000656DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB4F747-283D-4C55-9AC1-2BAE838A53E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADF9632-E0A8-44F7-8995-93DB5688629E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC40E49-B24F-48E2-A952-B368F1821AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DADC80-FB42-466A-9411-C1591570CFBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D706444-C2CC-4AA6-83B9-1D2145226B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E913D0-CF21-431F-800D-DFC30B3C5485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E328640-2653-45FB-943B-5694813C380F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA58360-4AC1-489D-BAD1-D25B162555BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "819D0E33-9C21-4482-9F5C-8F7E3261D7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF97A4FA-A118-4603-B0CB-B8DC78D8AE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E086173-5575-4CDE-A289-98E16CFD2E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5FD8890-0E9F-46AD-9414-4B7B32102786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A52C830-8381-4182-9BB0-4DC4EFD482CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB75A283-EA87-4937-89CB-499AA9E1C6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD73332D-C5F1-414A-9849-071F52A635AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "015FEE26-3158-4C89-A7E0-7ABAE87AE769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "73001754-E19F-40DF-95EF-7BE802365DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8248E-6DF0-4D83-B048-11168A74AA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED2552E-20B5-4A96-AB45-EDE8C9CDD346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB09176-507F-4A9E-A316-561BE6D7725F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D8C9C5-613A-4B7F-9654-1D11C08F166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F5A118-16A6-42A7-A804-F0974E30AC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "964AEB79-478C-44A7-B17A-787ED1EE5CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBE6361-CD6C-4B18-9D99-849A67081A43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under."
    },
    {
      "lang": "es",
      "value": "Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), permiten a un administrador de aplicaci\u00f3n cargar archivos arbitrarios que potencialmente contengan un c\u00f3digo malicioso. El archivo malicioso podr\u00eda ser luego ejecutado en el sistema afectado con los privilegios del usuario bajo el que se ejecuta la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2017-8004",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-17T14:29:01.140",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038877"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-24526

Vulnerability from cnvd - Published: 2017-09-04

Title

多款EMC产品任意文件上传漏洞

Description

EMC RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA Identity Management and Governance都是美国易安信（EMC）公司的产品。EMC RSA Identity Governance and Lifecycle是一套生命周期管理解决方案；EMC RSA Identity Management and Governance（IMG）是一套企业级身份识别和管理解决方案；EMC RSA Via Lifecycle and Governance是一套生命周期管理和身份识别解决方案。多款EMC产品中存在任意文件上传漏洞。远程攻击者可利用该漏洞上传包含恶意代码的任意文件，并执行该文件

Severity

中

Patch Name

多款EMC产品任意文件上传漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.emc.com/

Reference

http://securitytracker.com/id/1038877

Impacted products

Name
['EMC RSA Via Lifecycle and Governance 7.0.1', 'EMC RSA Via Lifecycle and Governance 7.0', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P06', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P05', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P01', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P15', 'EMC RSA Identity Governance and Lifecycle 7.0.1', 'EMC RSA Identity Governance and Lifecycle 7.0.2', 'EMC RSA Identity Management and Governance (IMG) 6.9.1']

Name

['EMC RSA Via Lifecycle and Governance 7.0.1', 'EMC RSA Via Lifecycle and Governance 7.0', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P06', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P05', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P01', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P15', 'EMC RSA Identity Governance and Lifecycle 7.0.1', 'EMC RSA Identity Governance and Lifecycle 7.0.2', 'EMC RSA Identity Management and Governance (IMG) 6.9.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99591"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8004"
    }
  },
  "description": "EMC RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA Identity Management and Governance\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC RSA Identity Governance and Lifecycle\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Identity Management and Governance\uff08IMG\uff09\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u8eab\u4efd\u8bc6\u522b\u548c\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Via Lifecycle and Governance\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u548c\u8eab\u4efd\u8bc6\u522b\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u4e2d\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u5305\u542b\u6076\u610f\u4ee3\u7801\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u8be5\u6587\u4ef6",
  "discovererName": "EMC",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-24526",
  "openTime": "2017-09-04",
  "patchDescription": "EMC RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA Identity Management and Governance\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC RSA Identity Governance and Lifecycle\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Identity Management and Governance\uff08IMG\uff09\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u8eab\u4efd\u8bc6\u522b\u548c\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Via Lifecycle and Governance\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u548c\u8eab\u4efd\u8bc6\u522b\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u4e2d\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u5305\u542b\u6076\u610f\u4ee3\u7801\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u8be5\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eEMC\u4ea7\u54c1\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC RSA Via Lifecycle and Governance 7.0.1",
      "EMC RSA Via Lifecycle and Governance 7.0",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P06",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P05",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P01",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P15",
      "EMC RSA Identity Governance and Lifecycle 7.0.1",
      "EMC RSA Identity Governance and Lifecycle 7.0.2",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038877",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-20",
  "title": "\u591a\u6b3eEMC\u4ea7\u54c1\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

GHSA-WPFH-PC7C-F24V

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-17T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.",
  "id": "GHSA-wpfh-pc7c-f24v",
  "modified": "2022-05-13T01:07:24Z",
  "published": "2022-05-13T01:07:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8004"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-8004

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-8004

Aliases

CVE-2017-8004

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8004",
    "description": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.",
    "id": "GSD-2017-8004"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8004"
      ],
      "details": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.",
      "id": "GSD-2017-8004",
      "modified": "2023-12-13T01:21:08.664544Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-8004",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unrestricted file upload"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038877",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038877"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
            "refsource": "CONFIRM",
            "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
          },
          {
            "name": "99591",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99591"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-8004"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
            },
            {
              "name": "1038877",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038877"
            },
            {
              "name": "99591",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99591"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-08-06T13:12Z",
      "publishedDate": "2017-07-17T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8004 (GCVE-0-2017-8004)

FKIE_CVE-2017-8004

CNVD-2017-24526

GHSA-WPFH-PC7C-F24V

GSD-2017-8004

Tags

Sightings

Nomenclature