Lucene search

MitreCVE-2007-4900

HistorySep 14, 2007 - 6:17 p.m.

CVE-2007-4900

2007-09-1418:17:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-4900

cross-site scripting

xss

rsa envision

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.

Affected configurations

Nvd

Node

rsaenvisionMatch3.3.6_build_0115

VendorProductVersionCPE
rsaenvision3.3.6_build_0115cpe:2.3:a:rsa:envision:3.3.6_build_0115:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	envision	3.3.6_build_0115	cpe:2.3:a:rsa:envision:3.3.6_build_0115:::::::*

References

osvdb.org/37099

secunia.com/advisories/26707

securityreason.com/securityalert/3137

www.securityfocus.com/archive/1/479183/100/0/threaded

www.securityfocus.com/bid/25645

www.vupen.com/english/advisories/2007/3198

exchange.xforce.ibmcloud.com/vulnerabilities/36575

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

Related for CVE-2007-4900