CVE-2017-5002
Published Jul 7, 2017
Last updated 7 years ago
Overview
- Description
- EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-601
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460"
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207"
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1"
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5"
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D"
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B"
}
],
"operator": "OR"
}
]
}
]