CVE-2017-8005

MEDIUM

EMC Rsa Identity Governance And Lifecycle - XSS

Title source: rule

Description

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.

References (3)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Jul/24

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99591

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038877

Scores

CVSS v3 5.4

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (38)

emc/rsa_identity_governance_and_lifecycle

emc/rsa_identity_management_and_governance

... and 28 more

Published Jul 17, 2017

Tracked Since Feb 18, 2026