EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99354 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038815 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99354 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038815 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2017/Jun/49 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/99354 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1038815 - Third Party Advisory, VDB Entry |
Information
Published : 2017-07-07 00:29
Updated : 2024-11-21 03:26
NVD link : CVE-2017-5002
Mitre link : CVE-2017-5002
CVE.ORG link : CVE-2017-5002
JSON object : View
Products Affected
emc
- rsa_archer_egrc
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')