Archer Grc Platform
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8025 | Hig | 0.48 | 7.4 | 0.01 | Oct 11, 2017 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. | ||
| CVE-2017-8016 | Med | 0.35 | 5.4 | 0.01 | Oct 11, 2017 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer… | ||
| CVE-2014-4633 | 0.00 | — | 0.01 | Dec 12, 2014 | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2517 | 0.00 | — | 0.01 | Aug 20, 2014 | Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-2505 | 0.00 | — | 0.01 | Aug 20, 2014 | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. | |||
| CVE-2014-0641 | 0.00 | — | 0.01 | Aug 20, 2014 | Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-0640 | 0.00 | — | 0.01 | Aug 20, 2014 | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. |
- risk 0.48cvss 7.4epss 0.01
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
- risk 0.35cvss 5.4epss 0.01
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer…
- CVE-2014-4633Dec 12, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-2517Aug 20, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
- CVE-2014-2505Aug 20, 2014risk 0.00cvss —epss 0.01
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
- CVE-2014-0641Aug 20, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2014-0640Aug 20, 2014risk 0.00cvss —epss 0.01
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.