CVE-2017-5002

Опубликовано: 07 июл. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.

Ссылки

http://seclists.org/fulldisclosure/2017/Jun/49
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/99354
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038815
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Jun/49
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/99354
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038815
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00278

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-6jxg-h6pq-3jg6