Vulnerability Name: CVE-2017-5002 (CCN-128037)
Assigned: 2016-12-29
Published: 2017-06-29
Updated: 2017-07-17
Summary: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
CVSS v3 Severity:
  6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
  5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
  6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Vulnerability Type: CWE-601
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2017-5002
  Source: CCN Type: EMC Security Advisory ESA-2017-063 RSA Archer GRC Platform Multiple Vulnerabilities
  Source: CONFIRM Type: Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2017/Jun/49
  Source: BID Type: Third Party Advisory, VDB Entry 99354
  Source: CCN Type: BID-99354 EMC RSA Archer GRC Multiple Security Vulnerabilities
  Source: SECTRACK Type: Third Party Advisory, VDB Entry 1038815
  Source: XF Type: UNKNOWN rsa-archeregrc-cve20175002-open-redirect(128037)
  Source: CCN Type: RSA Web site RSA | Security Solutions to Address Cyber Threats
Vulnerable Configuration: Configuration 1: