CVE-2017-4977 - Vulnerability Details

Vendors	Products
Emc	Rsa Archer Security Operations Management

Link	Providers
http://www.securityfocus.com/archive/1/540339/30/0/threaded
http://www.securityfocus.com/bid/97225
http://www.securitytracker.com/id/1038162

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52", "vendor": "n/a", "versions": [{"status": "affected", "version": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52"}]}], "datePublic": "2017-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system."}], "problemTypes": [{"descriptions": [{"description": "Sensitive Information Disclosure Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "97225", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97225"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded"}, {"name": "1038162", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038162"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4977", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52", "version": {"version_data": [{"version_value": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Sensitive Information Disclosure Vulnerability"}]}]}, "references": {"reference_data": [{"name": "97225", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97225"}, {"name": "http://www.securityfocus.com/archive/1/540339/30/0/threaded", "refsource": "CONFIRM", "url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded"}, {"name": "1038162", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038162"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:43.816Z"}, "title": "CVE Program Container", "references": [{"name": "97225", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97225"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded"}, {"name": "1038162", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038162"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4977", "datePublished": "2017-03-29T21:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:43.816Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 (string)

}

]

}

]

datePublic : 2017-03-29T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Sensitive Information Disclosure Vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-11T09:57:01 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

name : 97225 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/97225 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.securityfocus.com/archive/1/540339/30/0/threaded (string)

}

2 : { »

name : 1038162 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1038162 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2017-4977 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 (string)

version : { »

version_data : [ »

0 : { »

version_value : RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Sensitive Information Disclosure Vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 97225 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/97225 (string)

}

1 : { »

name : http://www.securityfocus.com/archive/1/540339/30/0/threaded (string)

refsource : CONFIRM (string)

url : http://www.securityfocus.com/archive/1/540339/30/0/threaded (string)

}

2 : { »

name : 1038162 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1038162 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T14:47:43.816Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 97225 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/97225 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/540339/30/0/threaded (string)

}

2 : { »

name : 1038162 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1038162 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2017-4977 (string)

datePublished : 2017-03-29T21:00:00 (string)

dateReserved : 2016-12-29T00:00:00 (string)

dateUpdated : 2024-08-05T14:47:43.816Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer_security_operations_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "981FB56D-504C-4542-83A3-CC9DD874A63C", "versionEndIncluding": "1.3.1.51", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system."}, {"lang": "es", "value": "EMC RSA Archer Security Operations Management con RSA Unified Collector Framework versiones anteriores a 1.3.1.52 contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial que podr\u00eda ser explotada potencialmente por usuarios malintencionados para comprometer un sistema afectado."}], "id": "CVE-2017-4977", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-29T21:59:00.143", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97225"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1038162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97225"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038162"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:emc:rsa_archer_security_operations_management:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 981FB56D-504C-4542-83A3-CC9DD874A63C (string)

versionEndIncluding : 1.3.1.51 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. (string)

}

1 : { »

lang : es (string)

value : EMC RSA Archer Security Operations Management con RSA Unified Collector Framework versiones anteriores a 1.3.1.52 contienen una vulnerabilidad de divulgación de información confidencial que podría ser explotada potencialmente por usuarios malintencionados para comprometer un sistema afectado. (string)

}

]

id : CVE-2017-4977 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 1.9 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-03-29T21:59:00.143 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/540339/30/0/threaded (string)

}

1 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/97225 (string)

}

2 : { »

source : security_alert@emc.com (string)

url : http://www.securitytracker.com/id/1038162 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/540339/30/0/threaded (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/97225 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1038162 (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object