Vulnerability Details

ID: CVE-2014-0639

Last Modified: Aug. 13, 2015

Open in new window

Description

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS V2

Access Vector: Network

Access Complexity: Medium

Authentication: None

Confidentiality Impact: None

Integrity Impact: Partial

Availability Impact: None

Base Score: 4.3

Exploitability Score: 8.6

Impact Score: 2.9

CVSS V2: AV:N/AC:M/Au:N/C:N/I:P/A:N

Specialize CVSS-Score

CWE-ID

CWE-79

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:emc:rsa_archer_egrc:5.2:::::::* Part: a Product: rsa_archer_egrc Vendor: emc Version: 5.2	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_archer_egrc:5.0:::::::* Part: a Product: rsa_archer_egrc Vendor: emc Version: 5.0	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_archer_egrc:5.3:::::::* Part: a Product: rsa_archer_egrc Vendor: emc Version: 5.3	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_archer_egrc:5.1:::::::* Part: a Product: rsa_archer_egrc Vendor: emc Version: 5.1	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:::::: Part: a Product: rsa_archer_egrc Update: sp1 Vendor: emc Version: 5.4	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_archer_egrc:5.4:::::::* Part: a Product: rsa_archer_egrc Vendor: emc Version: 5.4	Alle Schwachstellen für emc

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>