NVD Vulnerability Detail

CVE-2017-5003

Summary	EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Publication Date	June 10, 2017, 6:29 a.m.
Registration Date	Jan. 26, 2021, 1:25 p.m.
Last Update	Nov. 21, 2024, 12:26 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:::::::*
cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:::::::*
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:::::::*
cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://web.archive.org/web/20210116013250/http://www.securityfocus.com/archive/1/540693/30/0/threaded	MISC	Third Party Advisory
2	http://www.securityfocus.com/archive/1/540693/30/0/threaded		Broken Link Third Party Advisory VDB Entry
3	http://www.securityfocus.com/archive/1/540693/30/0/threaded		Broken Link Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/98974		Broken Link Third Party Advisory VDB Entry
5	http://www.securityfocus.com/bid/98974		Broken Link Third Party Advisory VDB Entry
6	http://www.securitytracker.com/id/1038648		Broken Link Third Party Advisory VDB Entry
7	http://www.securitytracker.com/id/1038648		Broken Link Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

複数の EMC RSA 製品における反射型クロスサイトスクリプティングの脆弱性

Title	複数の EMC RSA 製品における反射型クロスサイトスクリプティングの脆弱性
Summary	EMC RSA Identity Governance and Lifecycle 、RSA Via Lifecycle and Governance、および RSA Identity Management and Governance (IMG) には、反射型クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 8, 2017, midnight
Registration Date	July 10, 2017, 3:09 p.m.
Last Update	July 10, 2017, 3:09 p.m.

Affected System

DELL EMC (旧 EMC Corporation)

RSA Identity Governance and Lifecycle 7.0.2

RSA Identity Governance and Lifecycle 7.0.1

RSA Identity Management and Governance 6.9.1

RSA Via Lifecycle and Governance 7.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-5003	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5003
National Vulnerability Database (NVD)
2	CVE-2017-5003	https://nvd.nist.gov/vuln/detail/CVE-2017-5003

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
RSA
1	Top Page	https://www.rsa.com/en-us/products

その他

No	Name	URL
関連文書
1	ESA-2017-064: RSA Identity Governance and Lifecycle Multiple Vulnerabilities	http://www.securityfocus.com/archive/1/540693/30/0/threaded

Change Log

No	Changed Details	Date of change
0	[2017年07月10日] 掲載	Feb. 17, 2018, 10:37 a.m.