8 matches found

CVE
added 2020/11/18 4:15 p.m., 46 views

CVE-2020-26884

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.

CVSS 6.1, AI score 6.5, EPSS 0.00469
CVE
added 2020/05/04 7:15 p.m., 46 views

CVE-2020-5332

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed.

CVSS 9, AI score 7.4, EPSS 0.02018
CVE
added 2020/05/04 7:15 p.m., 45 views

CVE-2020-5334

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM en...

CVSS 8.2, AI score 6, EPSS 0.00707
CVE
added 2020/05/04 7:15 p.m., 44 views

CVE-2020-5331

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further att...

CVSS 8.8, AI score 5.1, EPSS 0.00166
CVE
added 2020/05/04 7:15 p.m., 44 views

CVE-2020-5337

RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnera...

CVSS 6.1, AI score 6.2, EPSS 0.00163
CVE
added 2020/05/04 7:15 p.m., 43 views

CVE-2020-5336

RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system.

CVSS 6.1, AI score 6.6, EPSS 0.0062
CVE
added 2020/05/04 7:15 p.m., 39 views

CVE-2020-5333

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information.

CVSS 4.3, AI score 4.3, EPSS 0.00111
CVE
added 2020/05/04 7:15 p.m., 39 views

CVE-2020-5335

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operati...

CVSS 8.8, AI score 8.6, EPSS 0.00078