CVE-2012-2292

Published Feb 6, 2013

Last updated 3 months ago

CVSS info 7.5

Overview

Description: The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References