CVE-2017-8004: Input Validation
First published: Mon Jul 17 2017(Updated: )
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC RSA Identity Management and Governance | =7.0.1 | |
| EMC RSA Identity Management and Governance | =7.0.1.1 | |
| EMC RSA Identity Management and Governance | =7.0.1.2 | |
| EMC RSA Identity Management and Governance | =7.0.1.3 | |
| EMC RSA Identity Management and Governance | =7.0.2 | |
| EMC RSA Identity Management and Governance | =7.0.2.1 | |
| EMC RSA Identity Management and Governance | =6.9.1 | |
| EMC RSA Identity Management and Governance | =6.9.1.1 | |
| EMC RSA Identity Management and Governance | =6.9.1.2 | |
| EMC RSA Identity Management and Governance | =6.9.1.3 | |
| EMC RSA Identity Management and Governance | =6.9.1.4 | |
| EMC RSA Identity Management and Governance | =6.9.1.5 | |
| EMC RSA Identity Management and Governance | =6.9.1.6 | |
| EMC RSA Identity Management and Governance | =6.9.1.7 | |
| EMC RSA Identity Management and Governance | =6.9.1.8 | |
| EMC RSA Identity Management and Governance | =6.9.1.9 | |
| EMC RSA Identity Management and Governance | =6.9.1.10 | |
| EMC RSA Identity Management and Governance | =6.9.1.11 | |
| EMC RSA Identity Management and Governance | =6.9.1.12 | |
| EMC RSA Identity Management and Governance | =6.9.1.13 | |
| EMC RSA Identity Management and Governance | =6.9.1.14 | |
| EMC RSA Identity Management and Governance | =6.9.1.15 | |
| EMC RSA Identity Management and Governance | =6.9.1.16 | |
| EMC RSA Identity Management and Governance | =6.9.1.17 | |
| EMC RSA Identity Management and Governance | =6.9.1.18 | |
| EMC RSA Identity Management and Governance | =6.9.1.19 | |
| EMC RSA Identity Management and Governance | =6.9.1.20 | |
| EMC RSA Identity Management and Governance | =6.9.1.21 | |
| EMC RSA Identity Management and Governance | =6.9.1.22 | |
| EMC RSA Identity Management and Governance | =6.9.1.23 | |
| EMC RSA Identity Management and Governance | =6.9.1.24 | |
| Dell RSA Identity Governance and Lifecycle | =7.0 | |
| Dell RSA Identity Governance and Lifecycle | =7.0.0.1 | |
| Dell RSA Identity Governance and Lifecycle | =7.0.0.2 | |
| Dell RSA Identity Governance and Lifecycle | =7.0.0.3 | |
| Dell RSA Identity Governance and Lifecycle | =7.0.0.4 | |
| Dell RSA Identity Governance and Lifecycle | =7.0.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-8004?
CVE-2017-8004 has been rated as high severity due to potential unauthorized access and privilege escalation risks.
How do I fix CVE-2017-8004?
To fix CVE-2017-8004, it is recommended to apply the latest security patches provided by EMC RSA for the affected products.
What versions are affected by CVE-2017-8004?
CVE-2017-8004 affects EMC RSA Identity Governance and Lifecycle versions 7.0.1 and 7.0.2 as well as RSA Identity Management and Governance version 6.9.1.
What products are impacted by CVE-2017-8004?
The impacted products include EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA Identity Management and Governance.
Is there a workaround for CVE-2017-8004?
Currently, the primary mitigation strategy for CVE-2017-8004 is to update to the patched versions of the affected software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/emc rsa identity management and governance
- version/emc rsa identity management and governance/7.0.1
- version/emc rsa identity management and governance/7.0.1.1
- version/emc rsa identity management and governance/7.0.1.2
- version/emc rsa identity management and governance/7.0.1.3
- version/emc rsa identity management and governance/7.0.2
- version/emc rsa identity management and governance/7.0.2.1
- version/emc rsa identity management and governance/6.9.1
- version/emc rsa identity management and governance/6.9.1.1
- version/emc rsa identity management and governance/6.9.1.2
- version/emc rsa identity management and governance/6.9.1.3
- version/emc rsa identity management and governance/6.9.1.4
- version/emc rsa identity management and governance/6.9.1.5
- version/emc rsa identity management and governance/6.9.1.6
- version/emc rsa identity management and governance/6.9.1.7
- version/emc rsa identity management and governance/6.9.1.8
- version/emc rsa identity management and governance/6.9.1.9
- version/emc rsa identity management and governance/6.9.1.10
- version/emc rsa identity management and governance/6.9.1.11
- version/emc rsa identity management and governance/6.9.1.12
- version/emc rsa identity management and governance/6.9.1.13
- version/emc rsa identity management and governance/6.9.1.14
- version/emc rsa identity management and governance/6.9.1.15
- version/emc rsa identity management and governance/6.9.1.16
- version/emc rsa identity management and governance/6.9.1.17
- version/emc rsa identity management and governance/6.9.1.18
- version/emc rsa identity management and governance/6.9.1.19
- version/emc rsa identity management and governance/6.9.1.20
- version/emc rsa identity management and governance/6.9.1.21
- version/emc rsa identity management and governance/6.9.1.22
- version/emc rsa identity management and governance/6.9.1.23
- version/emc rsa identity management and governance/6.9.1.24
- vendor/rsa
- canonical/dell rsa identity governance and lifecycle
- version/dell rsa identity governance and lifecycle/7.0
- version/dell rsa identity governance and lifecycle/7.0.0.1
- version/dell rsa identity governance and lifecycle/7.0.0.2
- version/dell rsa identity governance and lifecycle/7.0.0.3
- version/dell rsa identity governance and lifecycle/7.0.0.4
- version/dell rsa identity governance and lifecycle/7.0.0.5