VYPR

Vendor CVEs

Rsa

All CVEs

150 total · sorted by risk
  • CVE-2020-37095CriFeb 7, 2026
    risk 0.64cvss 9.8epss 0.01

    Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to…

  • CVE-2018-11058CriSep 14, 2018
    risk 0.64cvss 9.8epss 0.04

    RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously…

  • CVE-2017-14377CriNov 29, 2017
    risk 0.64cvss 9.8epss 0.03

    EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.

  • CVE-2018-11061CriAug 24, 2018
    risk 0.60cvss 9.1epss 0.05

    RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA…

  • CVE-2018-1245CriJul 13, 2018
    risk 0.59cvss 9.0epss 0.03

    RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security…

  • CVE-2018-11060HigJul 24, 2018
    risk 0.57cvss 8.8epss 0.03

    RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

  • CVE-2018-1252HigJun 5, 2018
    risk 0.57cvss 8.8epss 0.02

    RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end…

  • CVE-2014-4627HigNov 7, 2014
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2018-11059HigJul 24, 2018
    risk 0.53cvss 8.2epss 0.01

    RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application…

  • CVE-2018-1247HigMay 8, 2018
    risk 0.51cvss 7.1epss 0.17

    RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted…

  • CVE-2018-11054HigAug 31, 2018
    risk 0.49cvss 7.5epss 0.03

    RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

  • CVE-2018-11051HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.03

    RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input…

  • CVE-2018-1232HigMar 30, 2018
    risk 0.49cvss 7.5epss 0.03

    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to…

  • CVE-2017-9758HigNov 10, 2017
    risk 0.48cvss 7.4epss 0.01

    Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."

  • CVE-2018-11049HigJul 11, 2018
    risk 0.47cvss 7.3epss 0.00

    RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user…

  • CVE-2017-8004HigJul 17, 2017
    risk 0.47cvss 7.2epss 0.02

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and…

  • CVE-2015-6851MedDec 23, 2015
    risk 0.44cvss 6.7epss 0.01

    EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.

  • CVE-2018-11073MedSep 28, 2018
    risk 0.42cvss 6.5epss 0.01

    RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface.…

  • CVE-2018-11056MedAug 31, 2018
    risk 0.42cvss 6.5epss 0.02

    RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use…

  • CVE-2018-11074MedSep 28, 2018
    risk 0.40cvss 6.1epss 0.02

    RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim…

  • CVE-2018-1255MedJul 13, 2018
    risk 0.40cvss 6.1epss 0.01

    RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or…

  • CVE-2018-1254MedJun 21, 2018
    risk 0.40cvss 6.1epss 0.02

    RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply…

  • CVE-2018-1253MedJun 21, 2018
    risk 0.40cvss 6.1epss 0.01

    RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web…

  • CVE-2018-1248MedMay 8, 2018
    risk 0.40cvss 6.1epss 0.02

    RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to…

  • CVE-2018-1233MedMar 30, 2018
    risk 0.40cvss 6.1epss 0.01

    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser…

  • CVE-2017-14372MedOct 11, 2017
    risk 0.40cvss 6.1epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer…

  • CVE-2017-14371MedOct 11, 2017
    risk 0.40cvss 6.1epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

  • CVE-2017-5003MedJun 9, 2017
    risk 0.40cvss 6.1epss 0.01

    EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting…

  • CVE-2016-0919MedFeb 3, 2017
    risk 0.40cvss 6.1epss 0.01

    EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2018-11075MedSep 28, 2018
    risk 0.38cvss 5.8epss 0.01

    RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by…

  • CVE-2018-11070MedSep 11, 2018
    risk 0.38cvss 5.9epss 0.02

    RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

  • CVE-2018-11069MedSep 11, 2018
    risk 0.38cvss 5.9epss 0.01

    RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

  • CVE-2018-11057MedAug 31, 2018
    risk 0.38cvss 5.9epss 0.02

    RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

  • CVE-2018-1234MedMar 30, 2018
    risk 0.36cvss 5.5epss 0.00

    RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit…

  • CVE-2017-14370MedOct 11, 2017
    risk 0.35cvss 5.4epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

  • CVE-2017-8005MedJul 17, 2017
    risk 0.35cvss 5.4epss 0.01

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and…

  • CVE-2017-5004MedJun 9, 2017
    risk 0.35cvss 5.4epss 0.01

    EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities…

  • CVE-2017-4978MedMay 19, 2017
    risk 0.35cvss 5.4epss 0.01

    EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2024-23169MedNov 15, 2024
    risk 0.30cvss 4.6epss 0.00

    The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.

  • CVE-2018-11068MedSep 11, 2018
    risk 0.30cvss 4.6epss 0.00

    RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

  • CVE-2024-25066MedFeb 17, 2025
    risk 0.28cvss 4.3epss 0.00

    RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.

  • CVE-2018-1219MedMar 8, 2018
    risk 0.28cvss 4.3epss 0.02

    EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may…

  • CVE-2017-14369MedOct 11, 2017
    risk 0.28cvss 4.3epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.

  • CVE-2018-11065LowAug 24, 2018
    risk 0.18cvss 2.7epss 0.01

    The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end…

  • CVE-2005-4734Dec 31, 2005
    risk 0.07cvss epss 0.54

    Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.

  • CVE-2022-47529Mar 28, 2023
    risk 0.03cvss epss 0.02

    Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby…

  • CVE-2019-3759Sep 11, 2019
    risk 0.03cvss epss 0.03

    The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain…

  • CVE-2008-1470Mar 24, 2008
    risk 0.03cvss epss 0.02

    Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.

  • CVE-2005-3329Oct 27, 2005
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.

  • CVE-2005-1118Apr 14, 2005
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.

Page 1 of 3