cvelistv5 - cve-2017-8005

CVE-2017-8005 (GCVE-0-2017-8005)

Vulnerability from cvelistv5 – Published: 2017-07-17 14:00 – Updated: 2024-08-05 16:19

Summary

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.

Severity ?

No CVSS data available.

CWE

Multiple Stored Cross-Site Scripting Vulnerabilities

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1038877	vdb-entryx_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2017/Jul/24	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99591	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)	Affected: RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038877",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
          },
          {
            "name": "99591",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multiple Stored Cross-Site Scripting Vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-18T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1038877",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
        },
        {
          "name": "99591",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99591"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multiple Stored Cross-Site Scripting Vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038877",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038877"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
            },
            {
              "name": "99591",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99591"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8005",
    "datePublished": "2017-07-17T14:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD65ECE7-AEC0-4996-AA77-A1394CD10E55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C66E2A38-220A-4417-882A-3D12B98F6F31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2ED5260-0321-47F7-9637-8E5A10BACCB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A348908-0266-45AA-9D4E-88CAA301B6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5288389E-1322-4441-A295-045E38B22D11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8784E8C-B027-446D-92E3-E1FF3CA90BA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7911EFFA-376A-4BF2-8FF4-3F773820DF8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E085B6-20D0-44D8-BE5F-A93095619076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06F28360-E854-459B-810E-116000656DD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CB4F747-283D-4C55-9AC1-2BAE838A53E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DADF9632-E0A8-44F7-8995-93DB5688629E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDC40E49-B24F-48E2-A952-B368F1821AF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1DADC80-FB42-466A-9411-C1591570CFBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D706444-C2CC-4AA6-83B9-1D2145226B79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09E913D0-CF21-431F-800D-DFC30B3C5485\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E328640-2653-45FB-943B-5694813C380F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FA58360-4AC1-489D-BAD1-D25B162555BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"819D0E33-9C21-4482-9F5C-8F7E3261D7E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF97A4FA-A118-4603-B0CB-B8DC78D8AE46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E086173-5575-4CDE-A289-98E16CFD2E79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5FD8890-0E9F-46AD-9414-4B7B32102786\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A52C830-8381-4182-9BB0-4DC4EFD482CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB75A283-EA87-4937-89CB-499AA9E1C6E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD73332D-C5F1-414A-9849-071F52A635AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"015FEE26-3158-4C89-A7E0-7ABAE87AE769\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73001754-E19F-40DF-95EF-7BE802365DA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BD8248E-6DF0-4D83-B048-11168A74AA95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1ED2552E-20B5-4A96-AB45-EDE8C9CDD346\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDB09176-507F-4A9E-A316-561BE6D7725F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3D8C9C5-613A-4B7F-9654-1D11C08F166F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0F5A118-16A6-42A7-A804-F0974E30AC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"964AEB79-478C-44A7-B17A-787ED1EE5CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBBE6361-CD6C-4B18-9D99-849A67081A43\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.\"}, {\"lang\": \"es\", \"value\": \"Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), est\\u00e1n afectadas por m\\u00faltiples vulnerabilidades de tipo cross-site scripting almacenadas. Los usuarios maliciosos autenticados remotos podr\\u00edan inyectar c\\u00f3digo HTML arbitrario a la aplicaci\\u00f3n.\"}]",
      "id": "CVE-2017-8005",
      "lastModified": "2024-11-21T03:33:08.790",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-07-17T14:29:01.187",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2017/Jul/24\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99591\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038877\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2017/Jul/24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8005\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-07-17T14:29:01.187\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.\"},{\"lang\":\"es\",\"value\":\"Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), est\u00e1n afectadas por m\u00faltiples vulnerabilidades de tipo cross-site scripting almacenadas. Los usuarios maliciosos autenticados remotos podr\u00edan inyectar c\u00f3digo HTML arbitrario a la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD65ECE7-AEC0-4996-AA77-A1394CD10E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66E2A38-220A-4417-882A-3D12B98F6F31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2ED5260-0321-47F7-9637-8E5A10BACCB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A348908-0266-45AA-9D4E-88CAA301B6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5288389E-1322-4441-A295-045E38B22D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8784E8C-B027-446D-92E3-E1FF3CA90BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7911EFFA-376A-4BF2-8FF4-3F773820DF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E085B6-20D0-44D8-BE5F-A93095619076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F28360-E854-459B-810E-116000656DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CB4F747-283D-4C55-9AC1-2BAE838A53E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DADF9632-E0A8-44F7-8995-93DB5688629E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC40E49-B24F-48E2-A952-B368F1821AF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1DADC80-FB42-466A-9411-C1591570CFBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D706444-C2CC-4AA6-83B9-1D2145226B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E913D0-CF21-431F-800D-DFC30B3C5485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E328640-2653-45FB-943B-5694813C380F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA58360-4AC1-489D-BAD1-D25B162555BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"819D0E33-9C21-4482-9F5C-8F7E3261D7E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF97A4FA-A118-4603-B0CB-B8DC78D8AE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E086173-5575-4CDE-A289-98E16CFD2E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5FD8890-0E9F-46AD-9414-4B7B32102786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A52C830-8381-4182-9BB0-4DC4EFD482CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB75A283-EA87-4937-89CB-499AA9E1C6E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD73332D-C5F1-414A-9849-071F52A635AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"015FEE26-3158-4C89-A7E0-7ABAE87AE769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73001754-E19F-40DF-95EF-7BE802365DA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD8248E-6DF0-4D83-B048-11168A74AA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ED2552E-20B5-4A96-AB45-EDE8C9CDD346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB09176-507F-4A9E-A316-561BE6D7725F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D8C9C5-613A-4B7F-9654-1D11C08F166F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F5A118-16A6-42A7-A804-F0974E30AC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964AEB79-478C-44A7-B17A-787ED1EE5CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBBE6361-CD6C-4B18-9D99-849A67081A43\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/24\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99591\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038877\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2017-8005

Vulnerability from fkie_nvd - Published: 2017-07-17 14:29 - Updated: 2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
emc	rsa_identity_governance_and_lifecycle	7.0.1
emc	rsa_identity_governance_and_lifecycle	7.0.1.1
emc	rsa_identity_governance_and_lifecycle	7.0.1.2
emc	rsa_identity_governance_and_lifecycle	7.0.1.3
emc	rsa_identity_governance_and_lifecycle	7.0.2
emc	rsa_identity_governance_and_lifecycle	7.0.2.1
emc	rsa_identity_management_and_governance	6.9.1
emc	rsa_identity_management_and_governance	6.9.1.1
emc	rsa_identity_management_and_governance	6.9.1.2
emc	rsa_identity_management_and_governance	6.9.1.3
emc	rsa_identity_management_and_governance	6.9.1.4
emc	rsa_identity_management_and_governance	6.9.1.5
emc	rsa_identity_management_and_governance	6.9.1.6
emc	rsa_identity_management_and_governance	6.9.1.7
emc	rsa_identity_management_and_governance	6.9.1.8
emc	rsa_identity_management_and_governance	6.9.1.9
emc	rsa_identity_management_and_governance	6.9.1.10
emc	rsa_identity_management_and_governance	6.9.1.11
emc	rsa_identity_management_and_governance	6.9.1.12
emc	rsa_identity_management_and_governance	6.9.1.13
emc	rsa_identity_management_and_governance	6.9.1.14
emc	rsa_identity_management_and_governance	6.9.1.15
emc	rsa_identity_management_and_governance	6.9.1.16
emc	rsa_identity_management_and_governance	6.9.1.17
emc	rsa_identity_management_and_governance	6.9.1.18
emc	rsa_identity_management_and_governance	6.9.1.19
emc	rsa_identity_management_and_governance	6.9.1.20
emc	rsa_identity_management_and_governance	6.9.1.21
emc	rsa_identity_management_and_governance	6.9.1.22
emc	rsa_identity_management_and_governance	6.9.1.23
emc	rsa_identity_management_and_governance	6.9.1.24
rsa	rsa_via_lifecycle_and_governance	7.0
rsa	rsa_via_lifecycle_and_governance	7.0.0.1
rsa	rsa_via_lifecycle_and_governance	7.0.0.2
rsa	rsa_via_lifecycle_and_governance	7.0.0.3
rsa	rsa_via_lifecycle_and_governance	7.0.0.4
rsa	rsa_via_lifecycle_and_governance	7.0.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD65ECE7-AEC0-4996-AA77-A1394CD10E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66E2A38-220A-4417-882A-3D12B98F6F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2ED5260-0321-47F7-9637-8E5A10BACCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A348908-0266-45AA-9D4E-88CAA301B6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5288389E-1322-4441-A295-045E38B22D11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8784E8C-B027-446D-92E3-E1FF3CA90BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7911EFFA-376A-4BF2-8FF4-3F773820DF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E085B6-20D0-44D8-BE5F-A93095619076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F28360-E854-459B-810E-116000656DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB4F747-283D-4C55-9AC1-2BAE838A53E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADF9632-E0A8-44F7-8995-93DB5688629E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC40E49-B24F-48E2-A952-B368F1821AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DADC80-FB42-466A-9411-C1591570CFBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D706444-C2CC-4AA6-83B9-1D2145226B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E913D0-CF21-431F-800D-DFC30B3C5485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E328640-2653-45FB-943B-5694813C380F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA58360-4AC1-489D-BAD1-D25B162555BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "819D0E33-9C21-4482-9F5C-8F7E3261D7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF97A4FA-A118-4603-B0CB-B8DC78D8AE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E086173-5575-4CDE-A289-98E16CFD2E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5FD8890-0E9F-46AD-9414-4B7B32102786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A52C830-8381-4182-9BB0-4DC4EFD482CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB75A283-EA87-4937-89CB-499AA9E1C6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD73332D-C5F1-414A-9849-071F52A635AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "015FEE26-3158-4C89-A7E0-7ABAE87AE769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "73001754-E19F-40DF-95EF-7BE802365DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8248E-6DF0-4D83-B048-11168A74AA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED2552E-20B5-4A96-AB45-EDE8C9CDD346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB09176-507F-4A9E-A316-561BE6D7725F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D8C9C5-613A-4B7F-9654-1D11C08F166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F5A118-16A6-42A7-A804-F0974E30AC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "964AEB79-478C-44A7-B17A-787ED1EE5CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBE6361-CD6C-4B18-9D99-849A67081A43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
    },
    {
      "lang": "es",
      "value": "Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), est\u00e1n afectadas por m\u00faltiples vulnerabilidades de tipo cross-site scripting almacenadas. Los usuarios maliciosos autenticados remotos podr\u00edan inyectar c\u00f3digo HTML arbitrario a la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2017-8005",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-17T14:29:01.187",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038877"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8WCM-PX2F-W8QX

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-17T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",
  "id": "GHSA-8wcm-px2f-w8qx",
  "modified": "2022-05-13T01:07:25Z",
  "published": "2022-05-13T01:07:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8005"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-24527

Vulnerability from cnvd - Published: 2017-09-04

Title

多款EMC产品跨站脚本漏洞

Description

EMC RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA Identity Management and Governance都是美国易安信（EMC）公司的产品。EMC RSA Identity Governance and Lifecycle是一套生命周期管理解决方案；EMC RSA Identity Management and Governance（IMG）是一套企业级身份识别和管理解决方案；EMC RSA Via Lifecycle and Governance是一套生命周期管理和身份识别解决方案。多款EMC产品存在跨站脚本漏洞。远程攻击者可利用该漏洞向应用程序注入任意的HTML代码。

Severity

低

Patch Name

多款EMC产品跨站脚本漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.emc.com/

Reference

http://securitytracker.com/id/1038877

Impacted products

Name
['EMC RSA Via Lifecycle and Governance 7.0.1', 'EMC RSA Via Lifecycle and Governance 7.0', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P06', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P05', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P01', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P15', 'EMC RSA Identity Governance and Lifecycle 7.0.1', 'EMC RSA Identity Governance and Lifecycle 7.0.2', 'EMC RSA Identity Management and Governance (IMG) 6.9.1']

Name

['EMC RSA Via Lifecycle and Governance 7.0.1', 'EMC RSA Via Lifecycle and Governance 7.0', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P06', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P05', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P01', 'EMC RSA Identity Management and Governance (IMG) 6.9.1 P15', 'EMC RSA Identity Governance and Lifecycle 7.0.1', 'EMC RSA Identity Governance and Lifecycle 7.0.2', 'EMC RSA Identity Management and Governance (IMG) 6.9.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99591"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8005"
    }
  },
  "description": "EMC RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA Identity Management and Governance\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC RSA Identity Governance and Lifecycle\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Identity Management and Governance\uff08IMG\uff09\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u8eab\u4efd\u8bc6\u522b\u548c\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Via Lifecycle and Governance\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u548c\u8eab\u4efd\u8bc6\u522b\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u5e94\u7528\u7a0b\u5e8f\u6ce8\u5165\u4efb\u610f\u7684HTML\u4ee3\u7801\u3002",
  "discovererName": "EMC",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-24527",
  "openTime": "2017-09-04",
  "patchDescription": "EMC RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA Identity Management and Governance\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC RSA Identity Governance and Lifecycle\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Identity Management and Governance\uff08IMG\uff09\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u8eab\u4efd\u8bc6\u522b\u548c\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bEMC RSA Via Lifecycle and Governance\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u548c\u8eab\u4efd\u8bc6\u522b\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u5e94\u7528\u7a0b\u5e8f\u6ce8\u5165\u4efb\u610f\u7684HTML\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eEMC\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC RSA Via Lifecycle and Governance 7.0.1",
      "EMC RSA Via Lifecycle and Governance 7.0",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P06",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P05",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P01",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1 P15",
      "EMC RSA Identity Governance and Lifecycle 7.0.1",
      "EMC RSA Identity Governance and Lifecycle 7.0.2",
      "EMC RSA Identity Management and Governance (IMG) 6.9.1"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038877",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-20",
  "title": "\u591a\u6b3eEMC\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GSD-2017-8005

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-8005

Aliases

CVE-2017-8005

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8005",
    "description": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",
    "id": "GSD-2017-8005"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8005"
      ],
      "details": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",
      "id": "GSD-2017-8005",
      "modified": "2023-12-13T01:21:08.534751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-8005",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Multiple Stored Cross-Site Scripting Vulnerabilities"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038877",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038877"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
            "refsource": "CONFIRM",
            "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
          },
          {
            "name": "99591",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99591"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-8005"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
            },
            {
              "name": "1038877",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038877"
            },
            {
              "name": "99591",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99591"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-08-06T13:12Z",
      "publishedDate": "2017-07-17T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8005 (GCVE-0-2017-8005)

FKIE_CVE-2017-8005

GHSA-8WCM-PX2F-W8QX

CNVD-2017-24527

GSD-2017-8005

Tags

Sightings

Nomenclature