cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-37316,https://securityvulnerability.io/vulnerability/CVE-2022-37316,Improper API Access Control in Archer Platform by RSA Security,"The Archer Platform, developed by RSA Security, is susceptible to an improper API access control vulnerability within its multi-instance environment. This issue could allow an authenticated user to access unauthorized metadata, which poses a risk of data exposure. The vulnerability affects versions prior to 6.11 P3 (6.11.0.3) and also includes 6.10 P3 HF1 (6.10.0.3.1). Users are advised to update to the latest versions to mitigate any risks associated with this vulnerability.",Rsa,Archer,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2022-37317,https://securityvulnerability.io/vulnerability/CVE-2022-37317,HTML Injection Vulnerability in Archer Platform by RSA,"The Archer Platform prior to version 6.11 P3 contains an HTML injection vulnerability, allowing authenticated remote attackers to potentially execute malicious code in the context of the web application. This exploitation occurs when a victim user is deceived into interacting with compromised content. Patches have been released in version 6.10 P4 and 6.11 P2 HF4 to address this issue. For more information, you can visit the RSA security advisory.",Rsa,Archer,7.6,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2022-37318,https://securityvulnerability.io/vulnerability/CVE-2022-37318,Reflected XSS Vulnerability in Archer Platform by RSA Security,"The Archer Platform versions 6.9 SP2 P2 prior to 6.11 P3, along with 6.10 P4 and 6.11 P2 HF4, contain a reflected cross-site scripting (XSS) vulnerability. This issue allows an unauthenticated remote attacker to inject malicious JavaScript code into a web application. If successfully executed, this code can be reflected back to the user’s browser, leading to potential manipulation of user sessions and unauthorized access to sensitive information. Users should upgrade to the fixed versions to mitigate this risk.",Rsa,Archer,7,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2021-33615,https://securityvulnerability.io/vulnerability/CVE-2021-33615,Unrestricted File Upload Vulnerability in RSA Archer by RSA Security,"RSA Archer versions including 6.8.00500.1003 P5 are susceptible to a vulnerability that allows for the unrestricted upload of files with dangerous types. This weakness can expose the system to various attacks, such as executing malicious scripts or introducing harmful files to the server, posing significant security risks. It is crucial for users of affected versions to apply the necessary updates and security patches to mitigate potential threats.",Rsa,Archer,7.5,HIGH,0.0027600000612437725,false,,false,false,false,,,false,false,,2022-06-02T12:32:07.000Z,0
CVE-2022-30584,https://securityvulnerability.io/vulnerability/CVE-2022-30584,Improper Access Control in Archer Platform by RSA,"The Archer Platform prior to version 6.11 contains an improper access control vulnerability in its SSO ADFS functionality. This flaw could potentially be exploited by attackers, allowing them to gain unauthorized access to sensitive resources or manipulate the system in unintended ways. Users are encouraged to upgrade to the latest versions to mitigate the risks associated with this vulnerability.",Rsa,Archer,9.6,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-05-26T19:18:55.000Z,0
CVE-2022-30585,https://securityvulnerability.io/vulnerability/CVE-2022-30585,Authorization Bypass Vulnerability in Archer Platform by RSA Security,"The Archer Platform, developed by RSA Security, contains an authorization bypass vulnerability in its REST API, present in versions prior to 6.11. This flaw allows a remote authenticated malicious user to exploit the system, potentially gaining unauthorized access to sensitive information. Fixes have been issued in releases 6.10 P3 and 6.9 SP3 P4 to mitigate this security risk.",Rsa,Archer,6.5,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2022-05-26T19:18:49.000Z,0
CVE-2021-33616,https://securityvulnerability.io/vulnerability/CVE-2021-33616,Stored XSS in RSA Archer from RSA Security,"The vulnerability discovered in RSA Archer permits attackers to exploit stored XSS, allowing malicious scripts to be executed in the context of a user's session. This can lead to unauthorized data access, session hijacking, and further exploitation of user privileges. Versions affected include RSA Archer 6.x and up to 6.9 SP1 P4 (6.9.1.4). Organizations utilizing these versions should prioritize applying security patches and updating their systems to mitigate the risks associated with this flaw.",Rsa,Archer,5.4,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-04-04T11:51:06.000Z,0
CVE-2021-38362,https://securityvulnerability.io/vulnerability/CVE-2021-38362,Insecure Direct Object Reference in RSA Archer by RSA Security,"An IDOR vulnerability exists in RSA Archer, allowing authenticated attackers to exploit a REST API endpoint. By making a specially crafted GET request, these attackers can bypass access controls and gain unauthorized access to sensitive information. This poses a significant risk as it may expose sensitive data that should only be available to authorized users.",Rsa,Archer,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2022-03-30T21:43:55.000Z,0
CVE-2022-26950,https://securityvulnerability.io/vulnerability/CVE-2022-26950,Open Redirect Vulnerability in Archer Product by RSA,"The Archer product by RSA suffers from an open redirect vulnerability that allows remote, unprivileged attackers to redirect users to arbitrary websites. This exploitation can facilitate phishing attacks, potentially resulting in credential theft. Users may unwittingly be directed to malicious sites, leading to unauthorized access as the attacker could manipulate the authentication process without the victim's awareness, compromising information security.",Rsa,Archer,5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2022-26947,https://securityvulnerability.io/vulnerability/CVE-2022-26947,Reflected XSS Vulnerability in Archer Product by RSA,"The Archer product by RSA versions 6.x up to 6.9 SP3 (6.9.3.0) is susceptible to a reflected XSS vulnerability. This occurs when a remote authenticated user can exploit the flaw by persuading another user to execute malicious HTML or JavaScript within the Archer web application. As the code is reflected back to the victim's browser, it runs in the context of the vulnerable application, potentially compromising user interactions and sensitive data.",Rsa,Archer,6.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2022-26949,https://securityvulnerability.io/vulnerability/CVE-2022-26949,Improper Access Control in Archer by RSA,"Archer versions 6.x up to 6.9 SP2 P1 (6.9.2.1) are affected by an improper access control vulnerability concerning attachments. This vulnerability enables a remote authenticated malicious user to gain unauthorized access to files, which should only be accessible by users with elevated privileges. As a result, sensitive information may be exposed, highlighting the importance of applying security measures to safeguard affected systems.",Rsa,Archer,5.3,MEDIUM,0.0012000000569969416,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2022-26951,https://securityvulnerability.io/vulnerability/CVE-2022-26951,Reflected XSS in Archer 6.x by RSA,"The Archer product line from RSA, specifically versions 6.0 through 6.10, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This weakness allows an attacker to exploit the system by tricking a user of the application into entering malicious HTML or JavaScript code. When these malicious inputs are processed by the vulnerable web application, they are reflected back to the victim’s web browser for execution within the context of the Archer application, potentially compromising user data and session integrity.",Rsa,Archer,6.5,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2022-26948,https://securityvulnerability.io/vulnerability/CVE-2022-26948,Insecure Credential Storage in Archer RSS Feed Integration from RSA,"The Archer RSS feed integration for versions 6.x through 6.9 SP1, specifically 6.9.1.0, is impacted by an insecure credential storage vulnerability. This flaw allows malicious attackers to gain unauthorized access to sensitive credential information, which can be exploited for further attacks, potentially compromising the security of the system. It is crucial for users of affected Archer versions to address this vulnerability promptly to safeguard their data and prevent any malicious exploitation.",Rsa,Archer,5.8,MEDIUM,0.0017800000496208668,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2021-41594,https://securityvulnerability.io/vulnerability/CVE-2021-41594,Access Control Bypass in RSA Archer by RSA,"In RSA Archer 6.9.SP1 P3, an access control vulnerability exists that allows an attacker to bypass user permissions. This issue arises when an Administrator restricts certain application functions. An attacker can exploit this by intercepting API requests directed at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. By replacing parameters in the request with empty fields, the attacker gains unauthorized access to restricted functions, potentially compromising sensitive data and operations.",Rsa,Archer,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2021-29253,https://securityvulnerability.io/vulnerability/CVE-2021-29253,Insecure Credential Storage in RSA Archer by Tableau Integration,"The Tableau integration within RSA Archer versions 6.4 P1 through 6.9 P2 is prone to an insecure credential storage issue. This vulnerability allows an attacker with access to the Tableau workbook file to extract sensitive credential information. The compromised credentials can potentially be leveraged for unauthorized access to other resources, posing significant risks to data integrity and security. It is crucial for users of affected RSA Archer versions to take immediate actions to secure their systems and mitigate potential security threats.",Rsa,Archer,5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-05-26T03:57:50.000Z,0
CVE-2021-29252,https://securityvulnerability.io/vulnerability/CVE-2021-29252,Stored XSS Vulnerability in RSA Archer by RSA Security,"RSA Archer versions prior to 6.9 SP1 P1 (6.9.1.1) are susceptible to a stored cross-site scripting (XSS) vulnerability. This issue allows remote authenticated users with permissions to modify link name fields to craft payloads that can lead to the execution of arbitrary code in the browsers of victims accessing those fields. Successful exploitation could compromise the integrity and confidentiality of user data.",Rsa,Archer,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-05-26T03:56:19.000Z,0
CVE-2020-29538,https://securityvulnerability.io/vulnerability/CVE-2020-29538,Improper Access Control Vulnerability in Archer by RSA,"Archer prior to version 6.9 P1 (6.9.0.1) is susceptible to an improper access control vulnerability affecting its API. This flaw could allow a remote authenticated malicious administrative user to exploit the vulnerability, potentially enabling them to gather sensitive system information. Such information may be leveraged for further attacks, compromising the integrity and security of the environment.",Rsa,Archer,4.9,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2021-01-29T06:35:55.000Z,0
CVE-2020-29536,https://securityvulnerability.io/vulnerability/CVE-2020-29536,Path Exposure Vulnerability in RSA Archer by RSA,"The RSA Archer platform prior to version 6.8 P2 (6.8.0.2) is susceptible to a path exposure vulnerability. This issue permits a remote authenticated attacker, who has access to service files, to exploit the flaw by potentially extracting sensitive information. This information could be leveraged to conduct further malicious activities, posing a significant risk to systems and data integrity.",Rsa,Archer,4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-01-29T06:34:47.000Z,0
CVE-2020-29537,https://securityvulnerability.io/vulnerability/CVE-2020-29537,Open Redirect Vulnerability in RSA Archer by RSA,"RSA Archer prior to version 6.8 P2 (6.8.0.2) is susceptible to an open redirect vulnerability that allows a remote privileged attacker to redirect unsuspecting users to arbitrary websites. This flaw could be exploited to conduct phishing attacks, enabling the attacker to collect user credentials and gain unauthorized access to Archer without raising suspicion from the victims.",Rsa,Archer,4.6,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-01-29T06:33:40.000Z,0
CVE-2020-29535,https://securityvulnerability.io/vulnerability/CVE-2020-29535,Stored XSS Vulnerability in Archer by RSA Security,"The affected version of Archer contains a stored XSS vulnerability that could be exploited by a remote authenticated user. This allows attackers to introduce malicious HTML or JavaScript code into a trusted application data store. When legitimate users access this corrupted data, their web browsers may execute the injected code within the context of the Archer application, potentially compromising sensitive information and functionality.",Rsa,Archer,5.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-01-29T06:32:39.000Z,0
CVE-2020-26884,https://securityvulnerability.io/vulnerability/CVE-2020-26884,URL Injection Vulnerability in RSA Archer Products,"RSA Archer versions 6.8 through 6.9 contain a URL injection vulnerability that allows an unauthenticated remote attacker to manipulate a victim's web application session. By convincing a user to execute malicious JavaScript code, the attacker can potentially compromise the integrity and confidentiality of the application. Organizations using affected versions are advised to implement security measures to mitigate the risks associated with this vulnerability.",Rsa,Archer,6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2020-11-18T15:24:22.000Z,0
CVE-2017-14371,https://securityvulnerability.io/vulnerability/CVE-2017-14371,,"RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.",Rsa,Rsa Archer Grc Platform Prior To 6.2.0.5,6.1,MEDIUM,0.0014900000533089042,false,,false,false,false,,,false,false,,2017-10-11T19:00:00.000Z,0
CVE-2017-14372,https://securityvulnerability.io/vulnerability/CVE-2017-14372,,"RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.",Rsa,Rsa Archer Grc Platform Prior To 6.2.0.5,6.1,MEDIUM,0.0014900000533089042,false,,false,false,false,,,false,false,,2017-10-11T19:00:00.000Z,0
CVE-2017-14369,https://securityvulnerability.io/vulnerability/CVE-2017-14369,,"RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.",Rsa,Rsa Archer Grc Platform Prior To 6.2.0.5,4.3,MEDIUM,0.0010999999940395355,false,,false,false,false,,,false,false,,2017-10-11T19:00:00.000Z,0
CVE-2017-14370,https://securityvulnerability.io/vulnerability/CVE-2017-14370,,"RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.",Rsa,Rsa Archer Grc Platform Versions Prior To 6.2.0.5,5.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2017-10-11T19:00:00.000Z,0