CVE-2017-8005 Information
Feb 14, 2021
cve
Description
The EMC RSA Identity Governance and Lifecycle RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1 7.0.2 all patch levels; RSA Via Lifecycle and Governance version 7.0 all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1 all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
http://seclists.org/fulldisclosure/2017/Jul/24 http://www.securityfocus.com/bid/99591 http://www.securitytracker.com/id/1038877
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: