12 matches found
EUVD-2017-5874
Malware in sbrugna...
CVE-2017-8016
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
CVE-2017-14369
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records...
CVE-2017-14371
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
Privilege escalation
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server...
CVE-2017-8025
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may upload malicious files via attachments to arbitrary paths on the web server. Impact details are provided in the NVD entry (CVSS components present) and related adv...
ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities
ESA-2014-071.txt: ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities. EMC Identifier: ESA-2014-071. CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641. Severity Rating: CVSS v2 Base Score: See below for individual scor...
CVE-2014-0641
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2014-2517
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2014-2517
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors...
CVE-2014-0641
The CVE-2014-0641 issue affects EMC RSA Archer GRC Platform 5.x (up to 5.5 SP1). It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow a remote attacker to hijack an authenticated user’s session in the victim’s browser by enticing the user to click crafted links or similar acti...