CVE-2015-0521
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
Vulnerabilidad de XSS en EMC RSA Certificate Manager (RCM) anterior a 6.9 build 558 y RSA Registration Manager (RRM) anterior a 6.9 build 558 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores relacionados con el parámetro CMP shared secret.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-12-17 CVE Reserved
- 2015-03-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html | X_refsource_misc |
|
| http://seclists.org/bugtraq/2015/Mar/47 | Mailing List |
|
| http://www.securitytracker.com/id/1031912 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Certificate Manager Search vendor "Emc" for product "Rsa Certificate Manager" | <= 6.8 Search vendor "Emc" for product "Rsa Certificate Manager" and version " <= 6.8" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Registration Manager Search vendor "Emc" for product "Rsa Registration Manager" | <= 6.8 Search vendor "Emc" for product "Rsa Registration Manager" and version " <= 6.8" | - |
Affected
| ||||||