Lucene search
+L
RsaArcher

33 matches found

CVE
CVE
added 2022/05/26 7:18 p.m.455 views

CVE-2022-30585

CVE-2022-30585 affects Archer Platform 6.x before 6.11 (6.11.0.0) where the REST API permits an Authorization Bypass. A remote authenticated malicious user could view sensitive information. Affected/fixed releases noted: 6.11.0.0 fixes the issue; older releases such as 6.10.0.3 and 6.9.3.4 are al...

6.5CVSS6.2AI score0.00829EPSS
CVE
CVE
added 2022/08/25 10:49 p.m.308 views

CVE-2022-37316

CVE-2022-37316 affects Archer Platform 6.8 prior to 6.11 P3 (6.11.0.3). It is caused by an improper API access control in a multi‑instance system, which could expose unauthorized metadata to an authenticated user. Fixed releases include 6.11.0.3 and 6.10 P3 HF1 (6.10.0.3.1). There is no exploitab...

6.5CVSS6.3AI score0.00582EPSS
CVE
CVE
added 2019/09/18 10:23 p.m.179 views

CVE-2019-3756

RSA Archer

6.5CVSS6.2AI score0.0109EPSS
CVE
CVE
added 2019/09/18 10:23 p.m.176 views

CVE-2019-3758

CVE-2019-3758 affects RSA Archer prior to 6.6 P2 (6.6.0.2). The root cause is improper authentication that enables sysadmins to create user accounts with insufficient credentials, allowing unauthenticated attackers to gain unauthorized access to the system using those accounts. Exploitation detai...

9.8CVSS9.4AI score0.01462EPSS
CVE
CVE
added 2021/05/26 3:56 a.m.92 views

CVE-2021-29252

CVE-2021-29252 affects RSA Archer before 6.9 SP1 P1 (6.9.1.1). A remote authenticated Archer user with access to modify link name fields can trigger a stored cross-site scripting vulnerability, potentially causing code execution in a victim’s browser. Public references confirm affected versions i...

5.4CVSS5.2AI score0.00812EPSS
CVE
CVE
added 2022/03/29 11:33 p.m.92 views

CVE-2022-26949

CVE-2022-26949 affects Archer 6.x through 6.9 SP2 P1 (6.9.2.1). The issue is an improper access control on attachments, enabling a remote authenticated attacker to access files that should require higher privileges. Root cause: inadequate access controls on attachment handling. Impact stated: pot...

6.5CVSS6.6AI score0.00916EPSS
CVE
CVE
added 2021/05/26 3:57 a.m.90 views

CVE-2021-29253

CVE-2021-29253 affects the Tableau integration in RSA Archer versions 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2). The underlying issue is insecure credential storage, which could allow an attacker who has access to the Tableau workbook file to obtain credential information for use in further attac...

5.5CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2022/04/04 11:51 a.m.90 views

CVE-2021-33616

RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) exposes a stored XSS vulnerability. An authenticated Archer user can store malicious HTML/JavaScript in a trusted application data store; when other users access the corrupted datastore, the payload executes in the web app context. Root cause: improper ...

5.4CVSS5.5AI score0.00721EPSS
CVE
CVE
added 2022/03/29 11:33 p.m.88 views

CVE-2022-26948

The CVE-2022-26948 entry affects the Archer RSS feed integration in Archer 6.x up to 6.9 SP1 (6.9.1.0). The root cause is insecure credential storage, allowing a malicious actor to access credential information and potentially use it for further attacks. The available documents do not provide spe...

7.5CVSS7.3AI score0.00563EPSS
CVE
CVE
added 2021/01/29 6:35 a.m.86 views

CVE-2020-29538

The CVE-2020-29538 entry concerns Archer prior to 6.9 P1 (6.9.0.1). The vulnerability is described as an improper access control flaw in an API. It allows a remote authenticated malicious administrative user to potentially gather information about the system, which could be leveraged in subsequen...

4.9CVSS4.8AI score0.00969EPSS
CVE
CVE
added 2022/03/30 9:43 p.m.84 views

CVE-2021-38362

CVE-2021-38362 affects RSA Archer 6.x up to 6.9 SP3 (6.9.3.0). An authenticated attacker can issue a GET to a vulnerable REST API endpoint, exploiting an Insecure Direct Object Reference (IDOR) to retrieve sensitive data. The cited sources describe the vulnerability and affected version range but...

6.5CVSS6.3AI score0.00944EPSS
CVE
CVE
added 2018/08/24 3:0 p.m.81 views

CVE-2018-11065

The RSA Archer WorkPoint component embedded in RSA Archer 6.1.x, 6.2.x, 6.3.x before 6.3.0.7 and 6.4.x before 6.4.0.1 contains a SQL injection vulnerability. A malicious user could potentially execute SQL commands on the back-end database to read data. Embedded WorkPoint is upgraded to version 4....

4.3CVSS5.3AI score0.01291EPSS
CVE
CVE
added 2022/03/29 11:33 p.m.81 views

CVE-2022-26950

CVE-2022-26950 affects Archer 6.x through 6.9 P2 (6.9.0.2). The Red Hat and NVD entries corroborate an open redirect vulnerability that could allow a remote, unprivileged attacker to redirect legitimate users to arbitrary sites, enabling phishing and potential credential theft with silent authent...

6.1CVSS6.3AI score0.00531EPSS
CVE
CVE
added 2022/03/29 11:33 p.m.81 views

CVE-2022-26951

CVE-2022-26951 affects Archer 6.x up to 6.10 (6.10.0.0). The vulnerability is a reflected cross-site scripting (XSS) flaw: a remote, SAML-authenticated Archer user could coax a victim application user into submitting malicious HTML/JavaScript to the vulnerable web app, with the malicious code the...

6.5CVSS6AI score0.00546EPSS
CVE
CVE
added 2018/07/24 7:0 p.m.80 views

CVE-2018-11060

RSA Archer is affected by an authorization bypass vulnerability in the REST API prior to version 6.4.0.1. The issue allows a remote authenticated Archer user to potentially elevate privileges due to an authorization check flaw in the REST endpoint. Impact is privilege escalation within the Archer...

8.8CVSS8.3AI score0.03036EPSS
CVE
CVE
added 2022/08/25 10:42 p.m.79 views

CVE-2022-37317

Archer Platform 6.x prior to 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could exploit it by convincing a victim application user to execute malicious code in the web application's context. Affected releases mentioned include 6.11 P3 (and earlier 6.11.0.2.4 ...

7.6CVSS5.7AI score0.00583EPSS
CVE
CVE
added 2022/03/29 11:33 p.m.78 views

CVE-2021-41594

CVE-2021-41594 affects RSA Archer 6.9.SP1 P3. The issue arises when an administrator precludes certain application functions; an attacker can bypass this by intercepting the API request to /api/V2/internal/TaskPermissions/CheckTaskAccess and replacing its parameters with empty fields, enabling ac...

6.5CVSS6.4AI score0.00754EPSS
CVE
CVE
added 2022/03/29 11:33 p.m.77 views

CVE-2022-26947

CVE-2022-26947 is a reflected XSS vulnerability in Archer 6.x through 6.9 SP3 (6.9.3.0). A remote authenticated Archer user could prompt a victim user to submit malicious HTML/JavaScript to the vulnerable web application, with the malicious code then reflected back and executed by the victim’s br...

6.3CVSS5.1AI score0.00609EPSS
CVE
CVE
added 2021/01/29 6:33 a.m.73 views

CVE-2020-29537

CVE-2020-29537 affects Archer before 6.8 P2 (6.8.0.2) with an open redirect vulnerability. A remote privileged attacker could redirect users to arbitrary sites, enabling phishing and credential theft while remaining authenticated to Archer. The provided documents do not specify a fix version or r...

5.4CVSS5.5AI score0.00806EPSS
CVE
CVE
added 2018/07/24 7:0 p.m.72 views

CVE-2018-11059

RSA Archer, versions prior to 6.4.0.1, contains a stored cross-site scripting vulnerability. A remote authenticated Archer user could store malicious HTML/JavaScript in a trusted application data store, causing execution in the browser context of the vulnerable web application when users access t...

8.2CVSS4.9AI score0.01363EPSS
CVE
CVE
added 2022/06/02 12:32 p.m.72 views

CVE-2021-33615

RSA Archer 6.8.00500.1003 P5 is affected by an unrestricted file upload vulnerability leading to remote code execution. The Nessus plugin for EMC RSA Archer identifies affected ranges as 6.x prior to 6.9.3.4 (6.9 SP3 P4) and 6.10.x prior to 6.10.0.2 (6.10 P2). A remote, authenticated attacker cou...

8.5CVSS7.5AI score0.0122EPSS
CVE
CVE
added 2021/01/29 6:34 a.m.71 views

CVE-2020-29536

CVE-2020-29536 affects RSA Archer before version 6.8 P2 (6.8.0.2). The issue is described as a path exposure vulnerability where a remote authenticated attacker with access to service files could obtain sensitive information for use in further attacks. Affected component/file/underlying cause is ...

4.3CVSS4.2AI score0.00537EPSS
CVE
CVE
added 2022/05/26 7:18 p.m.67 views

CVE-2022-30584

Affected software and version range: Archer Platform v6.3–6.10 prior to 6.10.0.3, v6.9 prior to 6.9.3.4, and v6.11.0.0 (6.11.0.0 is the fixed release; 6.11.x is implied). Root cause: Improper access control in the SSO ADFS functionality. Impact (as stated): Could be exploited by malicious users t...

9.6CVSS8.5AI score0.00921EPSS
CVE
CVE
added 2022/08/25 10:44 p.m.64 views

CVE-2022-37318

Archer Platform vulnerable to a reflected XSS in versions prior to 6.11 P3 (6.11.0.3). The issue allows a remote, unauthenticated attacker to trick a victim user into submitting malicious JavaScript to the vulnerable web application, which is then reflected and executed in the browser context. Af...

7CVSS6.1AI score0.00434EPSS
CVE
CVE
added 2020/11/18 3:24 p.m.62 views

CVE-2020-26884

CVE-2020-26884 affects RSA Archer 6.8 (6.8.0.0–6.8.0.3) and 6.9, with a URL injection vulnerability allowing an unauthenticated, remote attacker to trick a victim user into executing malicious JavaScript in the web application. The connected documents confirm the affected versions and the injecti...

6.1CVSS6.5AI score0.00823EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.59 views

CVE-2020-5332

CVE-2020-5332 affects EMC RSA Archer versions prior to 6.7 P3 (6.7.0.3), with a command-injection vulnerability that an authenticated administrator can exploit to run arbitrary commands on the host running RSA Archer. According to NVD, this has a CVSS v3.1 base score of 7.2 (HIGH) , using a netwo...

9CVSS7.4AI score0.02248EPSS
CVE
CVE
added 2021/01/29 6:32 a.m.58 views

CVE-2020-29535

CVE-2020-29535 relates to Archer before 6.8 P4 (6.8.0.4), which contains a stored XSS vulnerability. A remote authenticated Archer user could store malicious HTML or JavaScript in a trusted application data store, with the malicious code executed in users’ browsers when accessing the affected dat...

5.4CVSS5AI score0.0081EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.58 views

CVE-2020-5331

RSA Archer contains an information exposure vulnerability in versions prior to 6.7 P3 (6.7.0.3). Affected component is the application’s handling of session data cached/logged by the server, which could allow an authenticated local user with access to log files to obtain sensitive information. Th...

8.8CVSS5.1AI score0.0072EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.58 views

CVE-2020-5334

RSA Archer versions prior to 6.7 P2 (6.7.0.2) are affected by a DOM-based cross-site scripting vulnerability. An unauthenticated remote attacker could exploit this by inducing a victim user to submit malicious HTML/JavaScript to the DOM in the browser, causing code to execute in the context of th...

8.2CVSS6AI score0.00862EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.56 views

CVE-2020-5336

CVE-2020-5336 affects Dell EMC RSA Archer versions prior to 6.7.0.1 (6.7 P1). The vulnerability is a URL injection that could allow an unauthenticated attacker to trick a victim application user into executing malicious JavaScript in the context of the web application. Connected documents corrobo...

6.1CVSS6.6AI score0.00705EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.56 views

CVE-2020-5337

RSA Archer is affected by a URL redirection vulnerability (CVE-2020-5337) in versions prior to 6.7 P1 (6.7.0.1). An unauthenticated remote attacker can lure users to malicious sites by sending crafted links, enabling phishing through redirection. The issue is documented across multiple sources co...

6.1CVSS6.2AI score0.00754EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.52 views

CVE-2020-5335

RSA Archer (EMC), versions prior to 6.7 P2 (6.7.0.2), is affected by a cross-site request forgery (CSRF) vulnerability. A remote unauthenticated attacker could trick a victim using the application into sending arbitrary requests that execute server-side operations with the victim’s privileges. Th...

8.8CVSS8.6AI score0.00457EPSS
CVE
CVE
added 2020/05/04 6:50 p.m.51 views

CVE-2020-5333

The CVE-2020-5333 entry concerns RSA Archer before version 6.7 P3 (6.7.0.3) and before 6.6 P6 (6.6.0.6), which contains an authorization bypass vulnerability in the REST API. A remote authenticated Archer user could potentially view unauthorized information due to this flaw. Connected sources cor...

4.3CVSS4.3AI score0.00795EPSS