CVE-2017-5004

MEDIUM

RSA Identity Governance and Lifecycle 7.0.1-7.0.2 - Stored Cross-Site Scripting

Title source: llm

Description

EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.

References (4)

Core 4

Core References

Third Party Advisory

https://web.archive.org/web/20210116013250/http://www.securityfocus.com/archive/1/540693/30/0/threaded

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038648

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98968

Broken Link, Third Party Advisory, VDB Entry x_refsource_confirm

http://www.securityfocus.com/archive/1/540693/30/0/threaded

Scores

CVSS v3 5.4

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (5)

emc/rsa_identity_governance_and_lifecycle 7.0.1

emc/rsa_identity_governance_and_lifecycle 7.0.2

emc/rsa_identity_management_and_governance 6.9.1

n/a/RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and

rsa/rsa_via_lifecycle_and_governance 7.0

Published Jun 09, 2017

Tracked Since Feb 18, 2026