Archer@6.1.0.0 Security Vulnerabilities and Issues — Archer@6.1.0.0 CVE List

Lucene search

RsaArcher6.1.0.0

11 matches found

CVE•added 2022/03/30 12:15 a.m.•79 views

CVE-2022-26949

Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.

6.5CVSS6.6AI score0.00206EPSS

CVE•added 2022/04/04 12:15 p.m.•76 views

CVE-2021-33616

RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.

5.4CVSS5.5AI score0.00511EPSS

CVE•added 2022/03/30 10:15 p.m.•70 views

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.

6.5CVSS6.3AI score0.00273EPSS

CVE•added 2018/08/24 3:29 p.m.•69 views

CVE-2018-11065

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read cert...

4.3CVSS5.3AI score0.00219EPSS

CVE•added 2018/07/24 7:29 p.m.•68 views

CVE-2018-11060

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

8.8CVSS8.3AI score0.00623EPSS

CVE•added 2022/03/30 12:15 a.m.•68 views

CVE-2022-26948

The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.

7.5CVSS7.3AI score0.00256EPSS

CVE•added 2022/03/30 12:15 a.m.•67 views

CVE-2022-26950

Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to t...

6.1CVSS6.3AI score0.00134EPSS

CVE•added 2022/03/30 12:15 a.m.•64 views

CVE-2021-41594

In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves ...

6.5CVSS6.4AI score0.00247EPSS

CVE•added 2022/03/30 12:15 a.m.•64 views

CVE-2022-26947

Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malici...

6.3CVSS5.1AI score0.0023EPSS

CVE•added 2022/03/30 12:15 a.m.•64 views

CVE-2022-26951

Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the m...

6.5CVSS6AI score0.00494EPSS

CVE•added 2018/07/24 7:29 p.m.•58 views

CVE-2018-11059

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the cor...

8.2CVSS4.9AI score0.00323EPSS