CVE-2017-8000
CVE-2017-8000 is a vulnerability of currently unknown severity. In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| EMC | RSA Authentication Manager | <= 8.2 | SP1 |
References
- http://seclists.org/fulldisclosure/2017/Jul/25 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/99572 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038878 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
