Vulnerability Name:

CVE-2011-3339 (CCN-71789)

Assigned:2011-12-12
Published:2011-12-12
Updated:2017-08-29
Summary:Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-3339

Source: CCN
Type: SA47349
SafeNet Sentinel HASP Admin Control Center Script Insertion Weakness

Source: CCN
Type: 7T IGSS Web Site
7-Technologies | Software for profitable operation of industrial plants and utilities

Source: CCN
Type: OSVDB ID: 77991
SafeNet Sentinel HASP Admin Control Center Unspecified XSS

Source: CONFIRM
Type: Vendor Advisory
http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/

Source: BID
Type: UNKNOWN
51028

Source: CCN
Type: BID-51028
SafeNet Sentinel HASP and 7T IGSS Unspecified HTML Injection Vulnerability

Source: CCN
Type: ICSA-11-314-0
SAFENET SENTINEL AND 7T IGSS INPUT SANITIZATION VULNERABILITY

Source: MISC
Type: Third Party Advisory, US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf

Source: CCN
Type: SafeNet Sentinel HASP Web Site
USB Driver Downloads - HASP Drivers

Source: XF
Type: UNKNOWN
safenet-unspecified-xss(71789)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:7t:igss:7:*:*:*:*:*:*:*
  • OR cpe:/a:safenet-inc:sentinel_hasp_run-time:*:*:*:*:*:*:*:* (Version <= 5.95)
  • OR cpe:/a:safenet-inc:sentinel_hasp_sdk:*:*:*:*:*:*:*:* (Version <= 5.10)
  • AND
  • cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    7t igss 7
    safenet-inc sentinel hasp run-time *
    safenet-inc sentinel hasp sdk *
    mozilla firefox 2.0