CVE-2017-4978 : Security Advisory and Response

EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contain a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Understanding CVE-2017-4978

Versions of EMC RSA Adaptive Authentication (On-Premise) older than 7.3 P2 (excluding this version) have been updated to address a cross-site scripting vulnerability.

What is CVE-2017-4978?

CVE-2017-4978 is a cross-site scripting vulnerability found in EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive).
Malicious users could exploit this vulnerability to compromise the affected system.

The Impact of CVE-2017-4978

The vulnerability could lead to unauthorized access, data theft, and system compromise.

Technical Details of CVE-2017-4978

EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) are affected by a cross-site scripting vulnerability.

Vulnerability Description

The vulnerability allows malicious users to execute scripts in the victim's browser, potentially leading to unauthorized actions.

Affected Systems and Versions

Affected system: EMC RSA Adaptive Authentication (On-Premise)
Vulnerable versions: Versions prior to 7.3 P2 (exclusive)

Exploitation Mechanism

Malicious users can inject scripts into web pages viewed by other users, leading to unauthorized access and data theft.

Mitigation and Prevention

Immediate Steps to Take:

Update EMC RSA Adaptive Authentication (On-Premise) to version 7.3 P2 or later.
Monitor system logs for any suspicious activities. Long-Term Security Practices:
Regularly conduct security assessments and penetration testing.
Educate users on safe browsing practices and awareness of phishing attempts.
Implement web application firewalls and security protocols.
Patching and Updates:
Apply security patches and updates promptly to address known vulnerabilities.