33 matches found
CVE-2022-30585
CVE-2022-30585 affects Archer Platform 6.x before 6.11 (6.11.0.0) where the REST API permits an Authorization Bypass. A remote authenticated malicious user could view sensitive information. Affected/fixed releases noted: 6.11.0.0 fixes the issue; older releases such as 6.10.0.3 and 6.9.3.4 are al...
CVE-2022-37316
CVE-2022-37316 affects Archer Platform 6.8 prior to 6.11 P3 (6.11.0.3). It is caused by an improper API access control in a multi‑instance system, which could expose unauthorized metadata to an authenticated user. Fixed releases include 6.11.0.3 and 6.10 P3 HF1 (6.10.0.3.1). There is no exploitab...
CVE-2019-3756
RSA Archer
CVE-2019-3758
CVE-2019-3758 affects RSA Archer prior to 6.6 P2 (6.6.0.2). The root cause is improper authentication that enables sysadmins to create user accounts with insufficient credentials, allowing unauthenticated attackers to gain unauthorized access to the system using those accounts. Exploitation detai...
CVE-2021-29252
CVE-2021-29252 affects RSA Archer before 6.9 SP1 P1 (6.9.1.1). A remote authenticated Archer user with access to modify link name fields can trigger a stored cross-site scripting vulnerability, potentially causing code execution in a victim’s browser. Public references confirm affected versions i...
CVE-2022-26949
CVE-2022-26949 affects Archer 6.x through 6.9 SP2 P1 (6.9.2.1). The issue is an improper access control on attachments, enabling a remote authenticated attacker to access files that should require higher privileges. Root cause: inadequate access controls on attachment handling. Impact stated: pot...
CVE-2021-29253
CVE-2021-29253 affects the Tableau integration in RSA Archer versions 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2). The underlying issue is insecure credential storage, which could allow an attacker who has access to the Tableau workbook file to obtain credential information for use in further attac...
CVE-2021-33616
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) exposes a stored XSS vulnerability. An authenticated Archer user can store malicious HTML/JavaScript in a trusted application data store; when other users access the corrupted datastore, the payload executes in the web app context. Root cause: improper ...
CVE-2022-26948
The CVE-2022-26948 entry affects the Archer RSS feed integration in Archer 6.x up to 6.9 SP1 (6.9.1.0). The root cause is insecure credential storage, allowing a malicious actor to access credential information and potentially use it for further attacks. The available documents do not provide spe...
CVE-2020-29538
The CVE-2020-29538 entry concerns Archer prior to 6.9 P1 (6.9.0.1). The vulnerability is described as an improper access control flaw in an API. It allows a remote authenticated malicious administrative user to potentially gather information about the system, which could be leveraged in subsequen...
CVE-2021-38362
CVE-2021-38362 affects RSA Archer 6.x up to 6.9 SP3 (6.9.3.0). An authenticated attacker can issue a GET to a vulnerable REST API endpoint, exploiting an Insecure Direct Object Reference (IDOR) to retrieve sensitive data. The cited sources describe the vulnerability and affected version range but...
CVE-2018-11065
The RSA Archer WorkPoint component embedded in RSA Archer 6.1.x, 6.2.x, 6.3.x before 6.3.0.7 and 6.4.x before 6.4.0.1 contains a SQL injection vulnerability. A malicious user could potentially execute SQL commands on the back-end database to read data. Embedded WorkPoint is upgraded to version 4....
CVE-2022-26951
CVE-2022-26951 affects Archer 6.x up to 6.10 (6.10.0.0). The vulnerability is a reflected cross-site scripting (XSS) flaw: a remote, SAML-authenticated Archer user could coax a victim application user into submitting malicious HTML/JavaScript to the vulnerable web app, with the malicious code the...
CVE-2018-11060
RSA Archer is affected by an authorization bypass vulnerability in the REST API prior to version 6.4.0.1. The issue allows a remote authenticated Archer user to potentially elevate privileges due to an authorization check flaw in the REST endpoint. Impact is privilege escalation within the Archer...
CVE-2022-26950
CVE-2022-26950 affects Archer 6.x through 6.9 P2 (6.9.0.2). The Red Hat and NVD entries corroborate an open redirect vulnerability that could allow a remote, unprivileged attacker to redirect legitimate users to arbitrary sites, enabling phishing and potential credential theft with silent authent...
CVE-2022-37317
Archer Platform 6.x prior to 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could exploit it by convincing a victim application user to execute malicious code in the web application's context. Affected releases mentioned include 6.11 P3 (and earlier 6.11.0.2.4 ...
CVE-2021-41594
CVE-2021-41594 affects RSA Archer 6.9.SP1 P3. The issue arises when an administrator precludes certain application functions; an attacker can bypass this by intercepting the API request to /api/V2/internal/TaskPermissions/CheckTaskAccess and replacing its parameters with empty fields, enabling ac...
CVE-2022-26947
CVE-2022-26947 is a reflected XSS vulnerability in Archer 6.x through 6.9 SP3 (6.9.3.0). A remote authenticated Archer user could prompt a victim user to submit malicious HTML/JavaScript to the vulnerable web application, with the malicious code then reflected back and executed by the victim’s br...
CVE-2020-29537
CVE-2020-29537 affects Archer before 6.8 P2 (6.8.0.2) with an open redirect vulnerability. A remote privileged attacker could redirect users to arbitrary sites, enabling phishing and credential theft while remaining authenticated to Archer. The provided documents do not specify a fix version or r...
CVE-2018-11059
RSA Archer, versions prior to 6.4.0.1, contains a stored cross-site scripting vulnerability. A remote authenticated Archer user could store malicious HTML/JavaScript in a trusted application data store, causing execution in the browser context of the vulnerable web application when users access t...
CVE-2021-33615
RSA Archer 6.8.00500.1003 P5 is affected by an unrestricted file upload vulnerability leading to remote code execution. The Nessus plugin for EMC RSA Archer identifies affected ranges as 6.x prior to 6.9.3.4 (6.9 SP3 P4) and 6.10.x prior to 6.10.0.2 (6.10 P2). A remote, authenticated attacker cou...
CVE-2020-29536
CVE-2020-29536 affects RSA Archer before version 6.8 P2 (6.8.0.2). The issue is described as a path exposure vulnerability where a remote authenticated attacker with access to service files could obtain sensitive information for use in further attacks. Affected component/file/underlying cause is ...
CVE-2022-30584
Affected software and version range: Archer Platform v6.3–6.10 prior to 6.10.0.3, v6.9 prior to 6.9.3.4, and v6.11.0.0 (6.11.0.0 is the fixed release; 6.11.x is implied). Root cause: Improper access control in the SSO ADFS functionality. Impact (as stated): Could be exploited by malicious users t...
CVE-2022-37318
Archer Platform vulnerable to a reflected XSS in versions prior to 6.11 P3 (6.11.0.3). The issue allows a remote, unauthenticated attacker to trick a victim user into submitting malicious JavaScript to the vulnerable web application, which is then reflected and executed in the browser context. Af...
CVE-2020-26884
CVE-2020-26884 affects RSA Archer 6.8 (6.8.0.0–6.8.0.3) and 6.9, with a URL injection vulnerability allowing an unauthenticated, remote attacker to trick a victim user into executing malicious JavaScript in the web application. The connected documents confirm the affected versions and the injecti...
CVE-2020-5332
CVE-2020-5332 affects EMC RSA Archer versions prior to 6.7 P3 (6.7.0.3), with a command-injection vulnerability that an authenticated administrator can exploit to run arbitrary commands on the host running RSA Archer. According to NVD, this has a CVSS v3.1 base score of 7.2 (HIGH) , using a netwo...
CVE-2020-5331
RSA Archer contains an information exposure vulnerability in versions prior to 6.7 P3 (6.7.0.3). Affected component is the application’s handling of session data cached/logged by the server, which could allow an authenticated local user with access to log files to obtain sensitive information. Th...
CVE-2020-5334
RSA Archer versions prior to 6.7 P2 (6.7.0.2) are affected by a DOM-based cross-site scripting vulnerability. An unauthenticated remote attacker could exploit this by inducing a victim user to submit malicious HTML/JavaScript to the DOM in the browser, causing code to execute in the context of th...
CVE-2020-29535
CVE-2020-29535 relates to Archer before 6.8 P4 (6.8.0.4), which contains a stored XSS vulnerability. A remote authenticated Archer user could store malicious HTML or JavaScript in a trusted application data store, with the malicious code executed in users’ browsers when accessing the affected dat...
CVE-2020-5336
CVE-2020-5336 affects Dell EMC RSA Archer versions prior to 6.7.0.1 (6.7 P1). The vulnerability is a URL injection that could allow an unauthenticated attacker to trick a victim application user into executing malicious JavaScript in the context of the web application. Connected documents corrobo...
CVE-2020-5337
RSA Archer is affected by a URL redirection vulnerability (CVE-2020-5337) in versions prior to 6.7 P1 (6.7.0.1). An unauthenticated remote attacker can lure users to malicious sites by sending crafted links, enabling phishing through redirection. The issue is documented across multiple sources co...
CVE-2020-5335
RSA Archer (EMC), versions prior to 6.7 P2 (6.7.0.2), is affected by a cross-site request forgery (CSRF) vulnerability. A remote unauthenticated attacker could trick a victim using the application into sending arbitrary requests that execute server-side operations with the victim’s privileges. Th...
CVE-2020-5333
The CVE-2020-5333 entry concerns RSA Archer before version 6.7 P3 (6.7.0.3) and before 6.6 P6 (6.6.0.6), which contains an authorization bypass vulnerability in the REST API. A remote authenticated Archer user could potentially view unauthorized information due to this flaw. Connected sources cor...