Lucene search

[email protected]CVE-2007-4900

HistorySep 14, 2007 - 6:17 p.m.

CVE-2007-4900

2007-09-1418:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-4900

cross-site scripting

xss

rsa envision

security vulnerability

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.2%

JSON

Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.

CPENameOperatorVersion
rsa:envisionrsa envisioneq3.3.6_build_0115

CPE	Name	Operator	Version
rsa:envision	rsa envision	eq	3.3.6_build_0115

References

osvdb.org/37099

secunia.com/advisories/26707

securityreason.com/securityalert/3137

www.securityfocus.com/archive/1/479183/100/0/threaded

www.securityfocus.com/bid/25645

www.vupen.com/english/advisories/2007/3198

exchange.xforce.ibmcloud.com/vulnerabilities/36575

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for CVE-2007-4900

cvelist1 prion1