← Back

CVE-2017-5004

nvd nist
Published: Jun 9, 2017Modified: May 13, 2026

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.

Affected (4)

Emc
2 products
Rsa Identity Governance And Lifecycle
Rsa Identity Management And Governance
Rsa
1 product
Rsa Via Lifecycle And Governance
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Emc
Rsa Identity Governance And Lifecycle
Version 7.0.1
Rsa Identity Governance And Lifecycle
Version 7.0.2
Rsa Identity Management And Governance
Version 6.9.1
Rsa Via Lifecycle And Governance
Version 7.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (7)

Source: security_alert@emc.com
Broken LinkThird Party AdvisoryVDB Entry
Source: security_alert@emc.com
Broken LinkThird Party AdvisoryVDB Entry
Source: security_alert@emc.com
Broken LinkThird Party AdvisoryVDB Entry
Source: nvd@nist.gov
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry

Timeline

No history available yet.