The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Jul/24 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99591 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038877 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-07-17 14:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-8004
Mitre link : CVE-2017-8004
CVE.ORG link : CVE-2017-8004
JSON object : View
Products Affected
emc
- rsa_identity_governance_and_lifecycle
- rsa_identity_management_and_governance
rsa
- rsa_via_lifecycle_and_governance
CWE
CWE-20
Improper Input Validation