CVE-2017-5002

{"id": "CVE-2017-5002", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-07-07T00:29:00.447", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Jun/49", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/99354", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1038815", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred."}, {"lang": "es", "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 es afectado por una vulnerabilidad de redirecci\u00f3n. Un atacante remoto sin privilegios puede redireccionar a usuarios leg\u00edtimos y conducirles a un ataque de phishing. El atacante puede robar las credenciales de la v\u00edctima y autenticarse silenciosamente en la aplicaci\u00f3n RSA Archer sin que la victima se de cuenta del ataque."}], "lastModified": "2017-07-17T18:08:26.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}