CVE-2014-0637

Published Apr 4, 2014

Last updated 11 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Source: security_alert@emc.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80A3CC42-F8E3-4F86-BE36-DCE357B2285B"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "523180D3-6A84-43F6-9377-86C8D209110F"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F97E490D-12E8-420C-990E-2BB4B97D86D1"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E18C647-3264-46A0-8411-4DB02E470217"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30CE0F82-18A5-4E1F-B096-8A85AF85F4C4"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "250D48AB-3B67-402F-AE85-DF8B12E10D32"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "504CA1D2-9915-4ABF-9D08-C8ED5F86F34A"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70018989-D22D-4817-BAD9-ACCC949630E8"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B586DD60-483D-452E-86B6-78C381A10ED8"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4055596-785A-49C2-B7C0-2ADCCD975DF9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References