CVSS: 5.4EPSS: 0%CPEs: 37EXPL: 0CVE-2017-8005
https://notcve.org/view.php?id=CVE-2017-8005
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. Los productos RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG de EMC (RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2, todos los niveles de parches ; RSA Via Lifecycle and Governance versión 7.0, todos los niveles de parches; RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, todos los niveles de parches), están afectadas por múltiples vulnerabilidades de tipo cross-site scripting almacenadas. Los usuarios maliciosos autenticados remotos podrían inyectar código HTML arbitrario a la aplicación. • http://seclists.org/fulldisclosure/2017/Jul/24 http://www.securityfocus.com/bid/99591 http://www.securitytracker.com/id/1038877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0918
https://notcve.org/view.php?id=CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. EMC RSA Identity Management and Governance en versiones anteriores a 6.8.1 P25 y 6.9.x en versiones anteriores a 6.9.1 P15 y RSA Via Lifecycle and Governance en versiones anteriores a 7.0.0 P04 permiten a usuarios remotos autenticados obtener información de User Detail Popup a través de una URL modificada. • http://seclists.org/bugtraq/2016/Sep/52 http://www.securityfocus.com/bid/93108 http://www.securitytracker.com/id/1036896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •