CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5003
https://notcve.org/view.php?id=CVE-2017-5003
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2 (todos los niveles de parches); RSA Via Lifecycle and Governance versión 7.0 (todos los niveles de parches); y RSA Identity Management and Governance (IMG) versión 6.9.1 (todos los niveles de parches) de EMC, presentan vulnerabilidades de tipo Cross Site Scripting Reflejado que podrían ser explotadas potencialmente por usuarios maliciosos para comprometer un sistema afectado. • http://www.securityfocus.com/archive/1/540693/30/0/threaded http://www.securityfocus.com/bid/98974 http://www.securitytracker.com/id/1038648 https://web.archive.org/web/20210116013250/http://www.securityfocus.com/archive/1/540693/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0918
https://notcve.org/view.php?id=CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. EMC RSA Identity Management and Governance en versiones anteriores a 6.8.1 P25 y 6.9.x en versiones anteriores a 6.9.1 P15 y RSA Via Lifecycle and Governance en versiones anteriores a 7.0.0 P04 permiten a usuarios remotos autenticados obtener información de User Detail Popup a través de una URL modificada. • http://seclists.org/bugtraq/2016/Sep/52 http://www.securityfocus.com/bid/93108 http://www.securitytracker.com/id/1036896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4539
https://notcve.org/view.php?id=CVE-2015-4539
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC RSA Identity Management & Governance (IMG) en versiones anteriores a 7.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2015/Sep/36 http://www.securitytracker.com/id/1033520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4540
https://notcve.org/view.php?id=CVE-2015-4540
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC RSA Identity Management & Governance (IMG) en versiones anteriores a 6.8.1 P18 y 6.9.x en versiones anteriores 6.9.1 P6, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2015/Sep/36 http://www.securitytracker.com/id/1033520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0532
https://notcve.org/view.php?id=CVE-2015-0532
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account. EMC RSA Identity Management and Governance (IMG) 6.9 anterior a P04 y 6.9.1 anterior a P01 no restringe correctamente las reconfiguraciones de contraseñas, lo que permite a atacantes remotos obtener el acceso a través de el uso manipulado del proceso de reconfiguración para un nombre de cuenta válido arbitrario, tal y como fue demostrado por una cuenta privilegiada. • http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html http://seclists.org/bugtraq/2015/Apr/204 http://www.securitytracker.com/id/1032218 • CWE-264: Permissions, Privileges, and Access Controls •