CVE-2017-4998 Information

Description

EMC RSA Archer 5.4.1.3 5.5.3.1 5.5.2.3 5.5.2 5.5.1.3.1 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim using the authenticated user’s privileges.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2017/Jun/49 http://www.securityfocus.com/bid/99354 http://www.securitytracker.com/id/1038815

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8