CVE-2017-5003 (GCVE-0-2017-5003)
Vulnerability from cvelistv5
Published
2017-06-09 21:00
Modified
2024-08-05 14:47
Severity ?
CWE
  • Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities
Summary
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
References
Impacted products
Vendor Product Version
n/a RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels Version: RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038648",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038648"
          },
          {
            "name": "98974",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98974"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540693/30/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels"
            }
          ]
        }
      ],
      "datePublic": "2017-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1038648",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038648"
        },
        {
          "name": "98974",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98974"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/540693/30/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-5003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038648",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038648"
            },
            {
              "name": "98974",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98974"
            },
            {
              "name": "http://www.securityfocus.com/archive/1/540693/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/540693/30/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-5003",
    "datePublished": "2017-06-09T21:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:43.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5003\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-06-09T21:29:00.173\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.\"},{\"lang\":\"es\",\"value\":\"RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2 (todos los niveles de parches);  RSA Via Lifecycle and Governance versi\u00f3n 7.0 (todos los niveles de parches); y RSA Identity Management and Governance (IMG) versi\u00f3n 6.9.1 (todos los niveles de parches) de EMC, presentan vulnerabilidades de tipo Cross Site Scripting Reflejado que podr\u00edan ser explotadas potencialmente por usuarios maliciosos para comprometer un sistema afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD65ECE7-AEC0-4996-AA77-A1394CD10E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5288389E-1322-4441-A295-045E38B22D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8784E8C-B027-446D-92E3-E1FF3CA90BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB09176-507F-4A9E-A316-561BE6D7725F\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/540693/30/0/threaded\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/98974\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038648\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://web.archive.org/web/20210116013250/http://www.securityfocus.com/archive/1/540693/30/0/threaded\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/540693/30/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/98974\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038648\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.