CVE-2017-5002
Last modified
CVE-2017-5002 is a vulnerability of currently unknown severity. EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. EPSS estimates a 1.15% chance of exploitation in the next 30 days.
Description
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Archer Egrc | 5.4.1.3 |
| Emc | Rsa Archer Egrc | 5.5.1.1 |
| Emc | Rsa Archer Egrc | 5.5.1.3.1 |
| Emc | Rsa Archer Egrc | 5.5.2 |
| Emc | Rsa Archer Egrc | 5.5.2.3 |
| Emc | Rsa Archer Egrc | 5.5.3.1 |
References
- http://seclists.org/fulldisclosure/2017/Jun/49Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/99354Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1038815Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Jun/49Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/99354Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1038815Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5002?
How severe is CVE-2017-5002?
How do I fix CVE-2017-5002?
Are you affected by CVE-2017-5002?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST