CVE-2017-5002 Information

Description

EMC RSA Archer 5.4.1.3 5.5.3.1 5.5.2.3 5.5.2 5.5.1.3.1 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://seclists.org/fulldisclosure/2017/Jun/49 http://www.securityfocus.com/bid/99354 http://www.securitytracker.com/id/1038815

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1