cvelistv5 - CVE-2017-8005

CVE-2017-8005 (GCVE-0-2017-8005)

Vulnerability from cvelistv5

Published

2017-07-17 14:00

Modified

2024-08-05 16:19

Severity ?

CWE

Multiple Stored Cross-Site Scripting Vulnerabilities

Summary

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.

References

►

URL

Tags

security_alert@emc.com	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)	Version: RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038877",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
          },
          {
            "name": "99591",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multiple Stored Cross-Site Scripting Vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-18T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1038877",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
        },
        {
          "name": "99591",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99591"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multiple Stored Cross-Site Scripting Vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038877",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038877"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
            },
            {
              "name": "99591",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99591"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8005",
    "datePublished": "2017-07-17T14:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8005\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-07-17T14:29:01.187\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.\"},{\"lang\":\"es\",\"value\":\"Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), est\u00e1n afectadas por m\u00faltiples vulnerabilidades de tipo cross-site scripting almacenadas. Los usuarios maliciosos autenticados remotos podr\u00edan inyectar c\u00f3digo HTML arbitrario a la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD65ECE7-AEC0-4996-AA77-A1394CD10E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66E2A38-220A-4417-882A-3D12B98F6F31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2ED5260-0321-47F7-9637-8E5A10BACCB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A348908-0266-45AA-9D4E-88CAA301B6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5288389E-1322-4441-A295-045E38B22D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8784E8C-B027-446D-92E3-E1FF3CA90BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7911EFFA-376A-4BF2-8FF4-3F773820DF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E085B6-20D0-44D8-BE5F-A93095619076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F28360-E854-459B-810E-116000656DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CB4F747-283D-4C55-9AC1-2BAE838A53E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DADF9632-E0A8-44F7-8995-93DB5688629E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC40E49-B24F-48E2-A952-B368F1821AF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1DADC80-FB42-466A-9411-C1591570CFBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D706444-C2CC-4AA6-83B9-1D2145226B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E913D0-CF21-431F-800D-DFC30B3C5485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E328640-2653-45FB-943B-5694813C380F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA58360-4AC1-489D-BAD1-D25B162555BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"819D0E33-9C21-4482-9F5C-8F7E3261D7E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF97A4FA-A118-4603-B0CB-B8DC78D8AE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E086173-5575-4CDE-A289-98E16CFD2E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5FD8890-0E9F-46AD-9414-4B7B32102786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A52C830-8381-4182-9BB0-4DC4EFD482CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB75A283-EA87-4937-89CB-499AA9E1C6E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD73332D-C5F1-414A-9849-071F52A635AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"015FEE26-3158-4C89-A7E0-7ABAE87AE769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73001754-E19F-40DF-95EF-7BE802365DA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD8248E-6DF0-4D83-B048-11168A74AA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ED2552E-20B5-4A96-AB45-EDE8C9CDD346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB09176-507F-4A9E-A316-561BE6D7725F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D8C9C5-613A-4B7F-9654-1D11C08F166F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F5A118-16A6-42A7-A804-F0974E30AC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964AEB79-478C-44A7-B17A-787ED1EE5CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBBE6361-CD6C-4B18-9D99-849A67081A43\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/24\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99591\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038877\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-8wcm-px2f-w8qx

Vulnerability from github

Published

2022-05-13 01:07

Modified

2022-05-13 01:07

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-17T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",
  "id": "GHSA-8wcm-px2f-w8qx",
  "modified": "2022-05-13T01:07:25Z",
  "published": "2022-05-13T01:07:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8005"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-8005

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-8005

Aliases

CVE-2017-8005

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8005",
    "description": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",
    "id": "GSD-2017-8005"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8005"
      ],
      "details": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",
      "id": "GSD-2017-8005",
      "modified": "2023-12-13T01:21:08.534751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-8005",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Multiple Stored Cross-Site Scripting Vulnerabilities"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038877",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038877"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
            "refsource": "CONFIRM",
            "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
          },
          {
            "name": "99591",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99591"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-8005"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jul/24",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
            },
            {
              "name": "1038877",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038877"
            },
            {
              "name": "99591",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99591"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-08-06T13:12Z",
      "publishedDate": "2017-07-17T14:29Z"
    }
  }
}

fkie_cve-2017-8005

Vulnerability from fkie_nvd

Published

2017-07-17 14:29

Modified

2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jul/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99591	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038877	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
emc	rsa_identity_governance_and_lifecycle	7.0.1
emc	rsa_identity_governance_and_lifecycle	7.0.1.1
emc	rsa_identity_governance_and_lifecycle	7.0.1.2
emc	rsa_identity_governance_and_lifecycle	7.0.1.3
emc	rsa_identity_governance_and_lifecycle	7.0.2
emc	rsa_identity_governance_and_lifecycle	7.0.2.1
emc	rsa_identity_management_and_governance	6.9.1
emc	rsa_identity_management_and_governance	6.9.1.1
emc	rsa_identity_management_and_governance	6.9.1.2
emc	rsa_identity_management_and_governance	6.9.1.3
emc	rsa_identity_management_and_governance	6.9.1.4
emc	rsa_identity_management_and_governance	6.9.1.5
emc	rsa_identity_management_and_governance	6.9.1.6
emc	rsa_identity_management_and_governance	6.9.1.7
emc	rsa_identity_management_and_governance	6.9.1.8
emc	rsa_identity_management_and_governance	6.9.1.9
emc	rsa_identity_management_and_governance	6.9.1.10
emc	rsa_identity_management_and_governance	6.9.1.11
emc	rsa_identity_management_and_governance	6.9.1.12
emc	rsa_identity_management_and_governance	6.9.1.13
emc	rsa_identity_management_and_governance	6.9.1.14
emc	rsa_identity_management_and_governance	6.9.1.15
emc	rsa_identity_management_and_governance	6.9.1.16
emc	rsa_identity_management_and_governance	6.9.1.17
emc	rsa_identity_management_and_governance	6.9.1.18
emc	rsa_identity_management_and_governance	6.9.1.19
emc	rsa_identity_management_and_governance	6.9.1.20
emc	rsa_identity_management_and_governance	6.9.1.21
emc	rsa_identity_management_and_governance	6.9.1.22
emc	rsa_identity_management_and_governance	6.9.1.23
emc	rsa_identity_management_and_governance	6.9.1.24
rsa	rsa_via_lifecycle_and_governance	7.0
rsa	rsa_via_lifecycle_and_governance	7.0.0.1
rsa	rsa_via_lifecycle_and_governance	7.0.0.2
rsa	rsa_via_lifecycle_and_governance	7.0.0.3
rsa	rsa_via_lifecycle_and_governance	7.0.0.4
rsa	rsa_via_lifecycle_and_governance	7.0.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD65ECE7-AEC0-4996-AA77-A1394CD10E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66E2A38-220A-4417-882A-3D12B98F6F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2ED5260-0321-47F7-9637-8E5A10BACCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A348908-0266-45AA-9D4E-88CAA301B6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5288389E-1322-4441-A295-045E38B22D11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB9C02F-D12B-4CCF-B4F8-3979833FFBA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8784E8C-B027-446D-92E3-E1FF3CA90BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7911EFFA-376A-4BF2-8FF4-3F773820DF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E085B6-20D0-44D8-BE5F-A93095619076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F28360-E854-459B-810E-116000656DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB4F747-283D-4C55-9AC1-2BAE838A53E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADF9632-E0A8-44F7-8995-93DB5688629E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F37E7E2-A7C7-4556-9701-F53EF8CD9AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC40E49-B24F-48E2-A952-B368F1821AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DADC80-FB42-466A-9411-C1591570CFBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D706444-C2CC-4AA6-83B9-1D2145226B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E913D0-CF21-431F-800D-DFC30B3C5485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E328640-2653-45FB-943B-5694813C380F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA58360-4AC1-489D-BAD1-D25B162555BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "819D0E33-9C21-4482-9F5C-8F7E3261D7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF97A4FA-A118-4603-B0CB-B8DC78D8AE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E086173-5575-4CDE-A289-98E16CFD2E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5FD8890-0E9F-46AD-9414-4B7B32102786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A52C830-8381-4182-9BB0-4DC4EFD482CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB75A283-EA87-4937-89CB-499AA9E1C6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECB5B2A0-FAC9-4BD2-845D-590BC2D101B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD73332D-C5F1-414A-9849-071F52A635AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "015FEE26-3158-4C89-A7E0-7ABAE87AE769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "73001754-E19F-40DF-95EF-7BE802365DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8248E-6DF0-4D83-B048-11168A74AA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED2552E-20B5-4A96-AB45-EDE8C9CDD346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB09176-507F-4A9E-A316-561BE6D7725F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4765B8C0-A9C2-4D99-9D9B-9FEB8D9A8482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D8C9C5-613A-4B7F-9654-1D11C08F166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F5A118-16A6-42A7-A804-F0974E30AC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "964AEB79-478C-44A7-B17A-787ED1EE5CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBE6361-CD6C-4B18-9D99-849A67081A43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
    },
    {
      "lang": "es",
      "value": "Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versi\u00f3n 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), est\u00e1n afectadas por m\u00faltiples vulnerabilidades de tipo cross-site scripting almacenadas. Los usuarios maliciosos autenticados remotos podr\u00edan inyectar c\u00f3digo HTML arbitrario a la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2017-8005",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-17T14:29:01.187",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jul/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038877"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-8005 (GCVE-0-2017-8005)

Vulnerability from cvelistv5

ghsa-8wcm-px2f-w8qx

Vulnerability from github

gsd-2017-8005

Vulnerability from gsd

fkie_cve-2017-8005

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature