VYPR

Archer GRC Platform

by RSA

CVEs (33)

  • CVE-2017-14372 | Med | Oct 11, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer…

  • CVE-2017-14371 | Med | Oct 11, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

  • CVE-2017-14370 | Med | Oct 11, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

  • CVE-2017-14369 | Med | Oct 11, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.

  • CVE-2025-27893 | Mar 11, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. NOTE: the Supplier analyzed the…

  • CVE-2024-49210 | Oct 22, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the…

  • CVE-2024-49208 | Oct 22, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons.

  • CVE-2024-49211 | Oct 22, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to…

  • CVE-2024-41707 | Jul 25, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users…

  • CVE-2024-41705 | Jul 25, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through…

  • CVE-2024-41706 | Jul 25, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store…

  • CVE-2024-26312 | May 6, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.

  • CVE-2024-34089 | May 6, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application…

  • CVE-2024-34091 | May 6, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application…

  • CVE-2024-34090 | May 6, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.

  • CVE-2024-34092 | May 6, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release.

  • CVE-2024-34093 | May 6, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.

  • CVE-2024-26313 | Mar 8, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim…

  • CVE-2024-26310 | Feb 21, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.

  • CVE-2023-48641 | Dec 12, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user…

Page 1 of 2