Lucene search

K
cve[email protected]CVE-2017-8016
HistoryOct 11, 2017 - 7:29 p.m.

CVE-2017-8016

2017-10-1119:29:00
CWE-79
web.nvd.nist.gov
21
rsa archer
grc platform
6.2.0.5
stored xss
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.9%

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user’s browser session in the context of the affected RSA Archer application.

Affected configurations

NVD
Node
emcarcher_grc_platformRange6.2.0.4

CNA Affected

[
  {
    "product": "RSA Archer GRC Platform versions prior to 6.2.0.5",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "RSA Archer GRC Platform versions prior to 6.2.0.5"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.9%

Related for CVE-2017-8016