CVE-2017-5003Cross-site Scripting in RSA Identity Governance AND Lifecycle

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 48.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
EMC RSA Identity Governance AND LifecycleEMC RSA Identity Management AND GovernanceRSA VIA Lifecycle AND Governance
Timeline
PublishedJun 9
Latest updateApr 30

Description

EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-9pwr-594w-vfp8: EMC RSA Identity Governance and Lifecycle versions 72022-04-30
CVEList
CVE-2017-5003: EMC RSA Identity Governance and Lifecycle versions 72017-06-09
CVE-2017-5003 — Cross-site Scripting | cvebase