How severe is CVE-2017-8004?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2017-8004?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2017-8004 - HIGH Severity | CVSS 7.2

Vulnerability Description

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.

Related Vulnerabilities

CVE-2011-3611

HIGH

CVSS:7.2(High)

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.

CWE-202011

CVE-2014-5362

HIGH

CVSS:7.2(High)

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ...

CWE-202014

CVE-2015-2202

HIGH

CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CWE-202015

CVE-2016-3654

HIGH

CVSS:7.2(High)

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote aut...

CWE-202016

CVE-2016-5840

HIGH

CVSS:7.2(High)

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename ...

CWE-202016

CVE-2017-12148

HIGH

CVSS:7.2(High)

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacke...

CWE-202017