// For flags

CVE-2017-5003

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.

RSA Identity Governance and Lifecycle versiones 7.0.1, 7.0.2 (todos los niveles de parches); RSA Via Lifecycle and Governance versión 7.0 (todos los niveles de parches); y RSA Identity Management and Governance (IMG) versión 6.9.1 (todos los niveles de parches) de EMC, presentan vulnerabilidades de tipo Cross Site Scripting Reflejado que podrían ser explotadas potencialmente por usuarios maliciosos para comprometer un sistema afectado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-29 CVE Reserved
  • 2017-06-09 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Emc
Search vendor "Emc"
Rsa Identity Governance And Lifecycle
Search vendor "Emc" for product "Rsa Identity Governance And Lifecycle"
7.0.1
Search vendor "Emc" for product "Rsa Identity Governance And Lifecycle" and version "7.0.1"
-
Affected
Emc
Search vendor "Emc"
Rsa Identity Governance And Lifecycle
Search vendor "Emc" for product "Rsa Identity Governance And Lifecycle"
7.0.2
Search vendor "Emc" for product "Rsa Identity Governance And Lifecycle" and version "7.0.2"
-
Affected
Emc
Search vendor "Emc"
Rsa Identity Management And Governance
Search vendor "Emc" for product "Rsa Identity Management And Governance"
6.9.1
Search vendor "Emc" for product "Rsa Identity Management And Governance" and version "6.9.1"
-
Affected
Rsa
Search vendor "Rsa"
Rsa Via Lifecycle And Governance
Search vendor "Rsa" for product "Rsa Via Lifecycle And Governance"
7.0
Search vendor "Rsa" for product "Rsa Via Lifecycle And Governance" and version "7.0"
-
Affected