EMC RSA Adaptive Authentication (On Premise) CVE-2017-4978 Cross Site Scripting Vulnerability

EMC RSA Adaptive Authentication (On Premise) is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to RSA Adaptive Authentication (On Premise) 7.3 P2 are vulnerable.

Information

Bugtraq ID: 98392
Class: Input Validation Error
CVE: CVE-2017-4978

Remote: Yes
Local: No
Published: May 11 2017 12:00AM
Updated: May 11 2017 11:08AM
Credit: The vendor reported this issue.
Vulnerable: EMC RSA Adaptive Authentication (On-Premise) 7.3
EMC RSA Adaptive Authentication (On-Premise) 7.2.0.0.SP0.P0 HF20
EMC RSA Adaptive Authentication (On-Premise) 7.1.0.0.SP0.P6 HF50
EMC RSA Adaptive Authentication (On-Premise) 7.1 SP0 P2
EMC RSA Adaptive Authentication (On-Premise) 7.1 P4
EMC RSA Adaptive Authentication (On-Premise) 7.1 P3
EMC RSA Adaptive Authentication (On-Premise) 6.0.2.1.SP3.P4 HF210
EMC RSA Adaptive Authentication (On-Premise) 6.0.2.1

Not Vulnerable: EMC RSA Adaptive Authentication (On-Premise) 7.3 P2

Exploit

An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.

References:

• Adaptive Authentication Homepage (RSA)
  
• EMC Homepage (EMC)
  
• EMC Identifier: ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Si (EMC)
  

Source: www.securityfocus.com