Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection....
6.7CVSS
6.4AI Score
0.001EPSS
RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to...
7.2AI Score
0.014EPSS
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could...
4.8CVSS
4.8AI Score
0.001EPSS
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by...
7.5CVSS
7.2AI Score
0.002EPSS
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed...
6.5CVSS
6.2AI Score
0.001EPSS
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra...
6.5CVSS
6.6AI Score
0.001EPSS
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed...
9.6CVSS
8.5AI Score
0.001EPSS
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with...
7.5CVSS
5.7AI Score
0.002EPSS
RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified...
6.4AI Score
0.002EPSS
Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown...
6.7AI Score
0.001EPSS
Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified...
8.4AI Score
0.003EPSS
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified...
6.3AI Score
0.002EPSS
EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration...
6.5AI Score
0.0004EPSS
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the...
5.7AI Score
0.0004EPSS
EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout...
6.7AI Score
0.001EPSS
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log...
6.1AI Score
0.0004EPSS
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application......
7CVSS
6.1AI Score
0.001EPSS
Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed...
6.5CVSS
6.3AI Score
0.001EPSS
Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4...
7.6CVSS
5.7AI Score
0.001EPSS
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous...
7.5CVSS
7.5AI Score
0.003EPSS
5.4CVSS
5.5AI Score
0.001EPSS
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive...
6.5CVSS
6.3AI Score
0.001EPSS
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to.....
6.1CVSS
6.3AI Score
0.001EPSS
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further...
7.5CVSS
7.3AI Score
0.002EPSS
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...
6.3CVSS
5.1AI Score
0.001EPSS
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the.....
6.5CVSS
6AI Score
0.001EPSS
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves....
6.5CVSS
6.4AI Score
0.001EPSS
The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further...
5.5CVSS
5.3AI Score
0.0004EPSS
RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's...
5.4CVSS
5.2AI Score
0.001EPSS
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store...
5.4CVSS
5AI Score
0.001EPSS
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the...
5.4CVSS
5.5AI Score
0.001EPSS
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent...
4.9CVSS
4.8AI Score
0.001EPSS
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further...
4.3CVSS
4.2AI Score
0.001EPSS
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web...
6.1CVSS
6.5AI Score
0.001EPSS
Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the...
8.4CVSS
8.4AI Score
0.001EPSS
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...
8.8CVSS
5.1AI Score
0.0004EPSS
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected...
6.1CVSS
6.6AI Score
0.001EPSS
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server...
8.8CVSS
8.6AI Score
0.002EPSS
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM...
8.2CVSS
6AI Score
0.001EPSS
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized...
4.3CVSS
4.3AI Score
0.001EPSS
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The...
6.1CVSS
6.2AI Score
0.001EPSS
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is...
7.2CVSS
7.4AI Score
0.002EPSS
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those...
9.8CVSS
9.4AI Score
0.002EPSS
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error...
6.5CVSS
6.2AI Score
0.001EPSS
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary....
9.8CVSS
9.8AI Score
0.002EPSS
RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including...
8.8CVSS
8.4AI Score
0.005EPSS
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for...
7.2CVSS
6.9AI Score
0.001EPSS
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further...
7.8CVSS
7.3AI Score
0.0004EPSS
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...
7.8CVSS
5.2AI Score
0.0004EPSS
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA...
7.8CVSS
7.3AI Score
0.0004EPSS