{"containers": {"cna": {"affected": [{"product": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1", "vendor": "n/a", "versions": [{"status": "affected", "version": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"}]}], "datePublic": "2017-07-06T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages."}], "problemTypes": [{"descriptions": [{"description": "Authorization Bypass Through User-Controlled Key Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "99354", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99354"}, {"name": "1038815", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038815"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/fulldisclosure/2017/Jun/49"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4999", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1", "version": {"version_data": [{"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authorization Bypass Through User-Controlled Key Vulnerability"}]}]}, "references": {"reference_data": [{"name": "99354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99354"}, {"name": "1038815", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038815"}, {"name": "http://seclists.org/fulldisclosure/2017/Jun/49", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2017/Jun/49"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:44.127Z"}, "title": "CVE Program Container", "references": [{"name": "99354", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99354"}, {"name": "1038815", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038815"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Jun/49"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4999", "datePublished": "2017-07-07T00:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:44.127Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages."}, {"lang": "es", "value": "RSA Archer versiones 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 de EMC, est\u00e1 afectado por una omisi\u00f3n de autorizaci\u00f3n por medio de una vulnerabilidad de clave controlada por el usuario en los Mensajes del Foro de Discusi\u00f3n. Un atacante remoto con pocos privilegios puede explotar potencialmente esta vulnerabilidad para elevar sus privilegios y visualizar los mensajes del foro de discusi\u00f3n de otros usuarios."}], "id": "CVE-2017-4999", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-07T00:29:00.303", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jun/49"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99354"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038815"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jun/49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038815"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}