CVE-2017-8004

Name of the Vulnerable Software and Affected Versions EMC RSA Identity Governance and Lifecycle versions 7.0.1 through 7.0.2 RSA Via Lifecycle and Governance version 7.0 RSA Identity Management and Governance (RSA IMG) version 6.9.1

Description The issue allows an application administrator to upload arbitrary files that may potentially contain malicious code. The malicious file could then be executed on the affected system with the privileges of the user the application is running under.

Recommendations For EMC RSA Identity Governance and Lifecycle versions 7.0.1 through 7.0.2, consider restricting file upload capabilities to prevent arbitrary file uploads until a patch is available. For RSA Via Lifecycle and Governance version 7.0, restrict file upload capabilities to prevent arbitrary file uploads until a patch is available. For RSA Identity Management and Governance (RSA IMG) version 6.9.1, restrict file upload capabilities to prevent arbitrary file uploads until a patch is available. As a temporary workaround, consider disabling file upload functionality for application administrators until a patch is available.