CVE-2011-3339
published 2011-12-17CVE-2011-3339: Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.46%
70.2th percentile
Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7t | igss | — | — |
| safenet-inc | sentinel_hasp_run-time | <= 5.95 | — |
| safenet-inc | sentinel_hasp_sdk | <= 5.10 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-93x7-9wp8-8w2c: Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5
ghsa_unreviewed·2022-05-17
CVE-2011-3339 [MEDIUM] CWE-79 GHSA-93x7-9wp8-8w2c: Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5
Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.
CISA ICS
Safenet Sentinel and 7-T Input Sanitization Vulnerability
cisa_ics·2013-08-29
Safenet Sentinel and 7-T Input Sanitization Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Safenet Sentinel and 7-T Input Sanitization Vulnerability
Last RevisedAugust 29, 2013
Alert CodeICSA-11-314-01
## Overview
ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update.
Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input sanitization vulnerability in SafeNet Sentinel HASP Software Rights Management (HASP-SRM) license management application.
ICS-CERT has coordinated the researcher’s vulnerabilit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/http://www.securityfocus.com/bid/51028http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/71789http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/http://www.securityfocus.com/bid/51028http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/71789
2011-12-17
Published