CVE-2011-3339 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
7t	Igss
Mozilla	Firefox
Safenet-inc	Sentinel Hasp Run-time Sentinel Hasp Sdk

Configuration 1 [-]

AND

OR	cpe:2.3:a:7t:igss:7:::::::*
	cpe:2.3:a:safenet-inc:sentinel_hasp_run-time::::::::
	cpe:2.3:a:safenet-inc:sentinel_hasp_sdk::::::::

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/
http://www.securityfocus.com/bid/51028
http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71789

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2011-12-17T02:00:00

Updated: 2024-08-06T23:29:56.815Z

Reserved: 2011-08-29T00:00:00

Link: CVE-2011-3339

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-12-17T03:54:45.743

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-3339

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "safenet-unspecified-xss(71789)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71789"}, {"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/"}, {"name": "51028", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51028"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3339", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "safenet-unspecified-xss(71789)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71789"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf"}, {"name": "http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/", "refsource": "CONFIRM", "url": "http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/"}, {"name": "51028", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51028"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:56.815Z"}, "title": "CVE Program Container", "references": [{"name": "safenet-unspecified-xss(71789)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71789"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/"}, {"name": "51028", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51028"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-3339", "datePublished": "2011-12-17T02:00:00", "dateReserved": "2011-08-29T00:00:00", "dateUpdated": "2024-08-06T23:29:56.815Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:7t:igss:7:*:*:*:*:*:*:*", "matchCriteriaId": "D371A71E-3F97-43A8-A9E9-2C81DE4DDB7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:safenet-inc:sentinel_hasp_run-time:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C6646CA-8479-46AC-9416-9AF2F93C7BC5", "versionEndIncluding": "5.95", "vulnerable": true}, {"criteria": "cpe:2.3:a:safenet-inc:sentinel_hasp_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "98F4DBD0-60B4-4B0F-824A-1ED6F6C38AE2", "versionEndIncluding": "5.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el \"Admin Control Center\" de Sentinel HASP Run-time Environment 5.95 y versiones anteriores de SafeNet Sentinel HASP (anteriormente Aladdin HASP SRM) run-time installer en versiones anteriores a 6.x y SDK anteriores a 5.11, tal como se utiliza en 7 Technologies (7T) IGSS 7 y otros productos, si Firefox 2.0 es utilizado, permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores desconocidos que provocan el acceso de escritura al archivo de configuraci\u00f3n."}], "id": "CVE-2011-3339", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-12-17T03:54:45.743", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/51028"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71789"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}