VYPR

Archer Grc Platform

by EMC Corporation

CVEs (7)

  • CVE-2017-8025HigOct 11, 2017
    risk 0.48cvss 7.4epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.

  • CVE-2017-8016MedOct 11, 2017
    risk 0.35cvss 5.4epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer…

  • CVE-2014-4633Dec 12, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-2517Aug 20, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.

  • CVE-2014-2505Aug 20, 2014
    risk 0.00cvss epss 0.01

    EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

  • CVE-2014-0641Aug 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2014-0640Aug 20, 2014
    risk 0.00cvss epss 0.01

    EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.