CVE-2017-4978 - OpenCVE

EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rsa	Adaptive Authentication \(on Premise\)

Configuration 1 [-]

cpe:2.3:a:rsa:adaptive_authentication_\(on_premise\):*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/540552/30/0/threaded
http://www.securityfocus.com/bid/98392
http://www.securitytracker.com/id/1038469

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-05-19T15:00:00

Updated: 2024-08-05T14:47:43.660Z

Reserved: 2016-12-29T00:00:00

Link: CVE-2017-4978

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-19T15:29:00.197

Modified: 2017-07-08T01:29:12.553

Link: CVE-2017-4978

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EMC RSA Adaptive Authentication (On-Premise) RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive)", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC RSA Adaptive Authentication (On-Premise) RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive)"}]}], "datePublic": "2017-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1038469", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038469"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.securityfocus.com/archive/1/540552/30/0/threaded"}, {"name": "98392", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98392"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4978", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC RSA Adaptive Authentication (On-Premise) RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive)", "version": {"version_data": [{"version_value": "EMC RSA Adaptive Authentication (On-Premise) RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting Vulnerability"}]}]}, "references": {"reference_data": [{"name": "1038469", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038469"}, {"name": "http://www.securityfocus.com/archive/1/540552/30/0/threaded", "refsource": "CONFIRM", "url": "http://www.securityfocus.com/archive/1/540552/30/0/threaded"}, {"name": "98392", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98392"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:43.660Z"}, "title": "CVE Program Container", "references": [{"name": "1038469", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038469"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/540552/30/0/threaded"}, {"name": "98392", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98392"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4978", "datePublished": "2017-05-19T15:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:43.660Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsa:adaptive_authentication_\\(on_premise\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "B2801027-136D-4B04-9BAE-E01C9005714A", "versionEndIncluding": "7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."}, {"lang": "es", "value": "RSA Adaptive Authentication (On-Premise) versiones anteriores a 7.3 P2 (exclusivo) de EMC, contienen una soluci\u00f3n para una vulnerabilidad de tipo cross-site scripting que podr\u00eda ser potencialmente explotada por usuarios maliciosos para comprometer el sistema afectado."}], "id": "CVE-2017-4978", "lastModified": "2017-07-08T01:29:12.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-19T15:29:00.197", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540552/30/0/threaded"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98392"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1038469"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}