The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Jul/24 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99591 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038877 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Jul/24 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99591 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038877 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2017/Jul/24 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/99591 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1038877 - Third Party Advisory, VDB Entry |
Information
Published : 2017-07-17 14:29
Updated : 2024-11-21 03:33
NVD link : CVE-2017-8004
Mitre link : CVE-2017-8004
CVE.ORG link : CVE-2017-8004
JSON object : View
Products Affected
rsa
- rsa_via_lifecycle_and_governance
emc
- rsa_identity_management_and_governance
- rsa_identity_governance_and_lifecycle
CWE
CWE-20
Improper Input Validation