EMC RSA Archer 6.0 < 6.9 SP3 P4 / 6.10 < 6.10 P2 Remote Code Execution

The version of EMC RSA Archer running on the remote web server is 6.x prior to 6.9.3.4 6.9 SP3 P4, 6.10.x prior to 6.10.0.2 6.10 P2. It is, therefore, affected by a remote code execution vulnerability due to unrestricted upload of a file with a dangerous type. A remote, authenticated malicious us...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

Cross site scripting

Archer 6.x through 6.9 SP3 6.9.3.0 contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...