cbcvebase.

Emc Rsa Archer Egrc vulnerabilities

23 known vulnerabilities affecting emc/rsa_archer_egrc.

Total CVEs
23
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM21

Vulnerabilities

Page 1 of 2
CVE-2014-0640P2MEDIUMCVSS 4.0Exploitedv5.3v5.4+1 more2014-08-20
CVE-2014-0640 [MEDIUM] CWE-264 CVE-2014-0640: EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
nvd
CVE-2017-4998P3HIGHCVSS 8.8v5.4.1.3v5.5.1.1+4 more2017-07-07
CVE-2017-4998 [HIGH] CWE-352 CVE-2017-4998: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cro EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.
nvd
CVE-2017-4999P3MEDIUMCVSS 6.5v5.4.1.3v5.5.1.1+4 more2017-07-07
CVE-2017-4999 [MEDIUM] CWE-200 CVE-2017-4999: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
nvd
CVE-2012-2293P3MEDIUMCVSS 6.5v5.0v5.1+1 more2013-02-06
CVE-2012-2293 [MEDIUM] CWE-22 CVE-2012-2293: Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
nvd
CVE-2012-2292P3HIGHCVSS 7.5v5.0v5.1+1 more2013-02-06
CVE-2012-2292 [HIGH] CWE-264 CVE-2012-2292: The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5. The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
nvd
CVE-2014-2517P4MEDIUMCVSS 6.5v5.3v5.4+1 more2014-08-20
CVE-2014-2517 [MEDIUM] CVE-2014-2517: Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authentica Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
nvd
CVE-2016-0899P4MEDIUMCVSS 6.3v5.5v5.5.1+2 more2016-07-04
CVE-2016-0899 [MEDIUM] CWE-200 CVE-2016-0899: EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
nvd
CVE-2014-2505P4MEDIUMCVSS 5.4v5.3v5.4+1 more2014-08-20
CVE-2014-2505 [MEDIUM] CVE-2014-2505: EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of ar EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
nvd
CVE-2013-3276P4MEDIUMCVSS 6.0v5.0v5.1+2 more2013-09-05
CVE-2013-3276 [MEDIUM] CWE-264 CVE-2013-3276: EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restri EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.
nvd
CVE-2015-0542P4MEDIUMCVSS 6.8v5.52015-08-20
CVE-2015-0542 [MEDIUM] CWE-352 CVE-2015-0542: Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 a Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
nvd
CVE-2014-0641P4MEDIUMCVSS 6.8v5.3v5.4+1 more2014-08-20
CVE-2014-0641 [MEDIUM] CWE-352 CVE-2014-0641: Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 al Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
nvd
CVE-2017-5002P4MEDIUMCVSS 6.1v5.4.1.3v5.5.1.1+4 more2017-07-07
CVE-2017-5002 [MEDIUM] CWE-601 CVE-2017-5002: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer applicati
nvd
CVE-2012-2294P4MEDIUMCVSS 6.8v5.0v5.1+1 more2013-02-06
CVE-2012-2294 [MEDIUM] CWE-20 CVE-2012-2294: EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
nvd
CVE-2013-0932P4MEDIUMCVSS 4.0v5.0v5.1+2 more2013-05-07
CVE-2013-0932 [MEDIUM] CWE-264 CVE-2013-0932: EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authentica EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.
nvd
CVE-2017-5001P4MEDIUMCVSS 4.3v5.4.1.3v5.5.1.1+4 more2017-07-07
CVE-2017-5001 [MEDIUM] CWE-200 CVE-2017-5001: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information ex EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
nvd
CVE-2017-5000P4MEDIUMCVSS 4.3v5.4.1.3v5.5.1.1+4 more2017-07-07
CVE-2017-5000 [MEDIUM] CWE-200 CVE-2017-5000: EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information ex EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
nvd
CVE-2013-3277P4MEDIUMCVSS 5.8v5.0v5.1+2 more2013-09-05
CVE-2013-3277 [MEDIUM] CWE-20 CVE-2013-3277: Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
nvd
CVE-2013-6178P4MEDIUMCVSS 4.3v5.0v5.1+3 more2013-12-19
CVE-2013-6178 [MEDIUM] CWE-79 CVE-2013-6178: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow r Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-0639P4MEDIUMCVSS 4.3v5.0v5.1+3 more2014-05-25
CVE-2014-0639 [MEDIUM] CWE-79 CVE-2014-0639: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allo Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-0934P4MEDIUMCVSS 4.0v5.0v5.1+2 more2013-05-07
CVE-2013-0934 [MEDIUM] CWE-264 CVE-2013-0934: EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authentica EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
nvd
Emc Rsa Archer Egrc vulnerabilities | cvebase