cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34090,https://securityvulnerability.io/vulnerability/CVE-2024-34090,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA,"A vulnerability exists in Archer Platform 6 prior to version 2024.04, specifically within the Archer Control Panel (ACP), where content in the login banner is not escaped correctly, leading to stored cross-site scripting (XSS). This issue enables attackers to inject malicious scripts, potentially compromising user sessions and data. As of version 6.14 P3 (6.14.0.3), the vulnerability has been addressed, reinforcing the importance of updating to secure environments.",RSA,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-34089,https://securityvulnerability.io/vulnerability/CVE-2024-34089,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA Security,"A stored cross-site scripting (XSS) vulnerability is present in the Archer Platform versions prior to 2024.04, allowing remote authenticated users to exploit this flaw. Affected users can inject malicious HTML or JavaScript into the application data store, leading to execution of the code when other users access the compromised data. This issue is particularly concerning for organizations relying on the Archer Platform for critical operational functions, as it may lead to session hijacking, data manipulation, or other malicious actions when unprivileged users access the content.",RSA Security,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-34091,https://securityvulnerability.io/vulnerability/CVE-2024-34091,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA,"A stored cross-site scripting (XSS) vulnerability has been identified in the Archer Platform 6 prior to version 2024.04. This flaw allows a remote authenticated user to inject and store malicious HTML or JavaScript code within a trusted application data store. When other users access this data store through their browsers, the injected malicious code executes unexpectedly, leading to unauthorized actions, data manipulation, or content inaccessibility. The vulnerability impacts user security and can compromise application integrity, making it critical for affected users to upgrade to the fixed version 6.14 P3 (6.14.0.3) to mitigate associated risks.",RSA,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-26313,https://securityvulnerability.io/vulnerability/CVE-2024-26313,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA,"The Archer Platform versions prior to 6.14 P2 HF2 (6.14.0.2.2) and 6.13.P3 HF1 (6.13.0.3.1) are susceptible to a stored cross-site scripting (XSS) vulnerability. This flaw permits a remote authenticated malicious user to inject and store harmful HTML or JavaScript code within a trusted data store of the application. When other users access this stored information, their web browsers may inadvertently execute the malicious script within the context of the vulnerable application, potentially compromising user data and security.",RSA,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-08T00:00:00.000Z,0
CVE-2022-37317,https://securityvulnerability.io/vulnerability/CVE-2022-37317,HTML Injection Vulnerability in Archer Platform by RSA,"The Archer Platform prior to version 6.11 P3 contains an HTML injection vulnerability, allowing authenticated remote attackers to potentially execute malicious code in the context of the web application. This exploitation occurs when a victim user is deceived into interacting with compromised content. Patches have been released in version 6.10 P4 and 6.11 P2 HF4 to address this issue. For more information, you can visit the RSA security advisory.",Rsa,Archer,7.6,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2022-37318,https://securityvulnerability.io/vulnerability/CVE-2022-37318,Reflected XSS Vulnerability in Archer Platform by RSA Security,"The Archer Platform versions 6.9 SP2 P2 prior to 6.11 P3, along with 6.10 P4 and 6.11 P2 HF4, contain a reflected cross-site scripting (XSS) vulnerability. This issue allows an unauthenticated remote attacker to inject malicious JavaScript code into a web application. If successfully executed, this code can be reflected back to the user’s browser, leading to potential manipulation of user sessions and unauthorized access to sensitive information. Users should upgrade to the fixed versions to mitigate this risk.",Rsa,Archer,7,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2021-33615,https://securityvulnerability.io/vulnerability/CVE-2021-33615,Unrestricted File Upload Vulnerability in RSA Archer by RSA Security,"RSA Archer versions including 6.8.00500.1003 P5 are susceptible to a vulnerability that allows for the unrestricted upload of files with dangerous types. This weakness can expose the system to various attacks, such as executing malicious scripts or introducing harmful files to the server, posing significant security risks. It is crucial for users of affected versions to apply the necessary updates and security patches to mitigate potential threats.",Rsa,Archer,7.5,HIGH,0.0027600000612437725,false,,false,false,false,,,false,false,,2022-06-02T12:32:07.000Z,0
CVE-2022-30584,https://securityvulnerability.io/vulnerability/CVE-2022-30584,Improper Access Control in Archer Platform by RSA,"The Archer Platform prior to version 6.11 contains an improper access control vulnerability in its SSO ADFS functionality. This flaw could potentially be exploited by attackers, allowing them to gain unauthorized access to sensitive resources or manipulate the system in unintended ways. Users are encouraged to upgrade to the latest versions to mitigate the risks associated with this vulnerability.",Rsa,Archer,9.6,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-05-26T19:18:55.000Z,0
CVE-2020-13757,https://securityvulnerability.io/vulnerability/CVE-2020-13757,Decryption Vulnerability in Python-RSA Library by Sybren Stuvel,"The Python-RSA library prior to version 4.1 has a flaw where leading null ('\0') bytes in ciphertext are disregarded during the decryption process. This could potentially allow an attacker to deduce the presence of the library’s usage within an application. Additionally, if the length of the accepted ciphertext influences application functioning, it could lead to concerns such as excessive memory allocation and other unexpected behaviors, thus posing a significant risk in secure application development.",Python-rsa Project,Python-rsa,7.5,HIGH,0.0021899999119341373,false,,false,false,false,,,false,false,,2020-06-01T18:17:07.000Z,0
CVE-2019-3725,https://securityvulnerability.io/vulnerability/CVE-2019-3725,Command Injection vulnerability,RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.,Rsa,"Rsa Netwitness Platform,Rsa Security Analytics",9.8,CRITICAL,0.0018400000408291817,false,,false,false,false,,,false,false,,2019-05-15T16:29:00.000Z,0
CVE-2018-11058,https://securityvulnerability.io/vulnerability/CVE-2018-11058,,"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.",Rsa,"Bsafe Micro Edition Suite,Bsafe Crypto-c Micro Edition",7.5,HIGH,0.005859999917447567,false,,false,false,false,,,false,false,,2018-09-14T20:00:00.000Z,0
CVE-2018-11054,https://securityvulnerability.io/vulnerability/CVE-2018-11054,,"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.",Rsa,Bsafe Micro Edition Suite,7.5,HIGH,0.01140000019222498,false,,false,false,false,,,false,false,,2018-08-31T18:00:00.000Z,0
CVE-2018-1245,https://securityvulnerability.io/vulnerability/CVE-2018-1245,Authorization ByPass Vulnerability,"RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.",Rsa,Rsa Identity Governance And Lifecycle,9,CRITICAL,0.00139999995008111,false,,false,false,false,,,false,false,,2018-07-13T17:29:00.000Z,0
CVE-2018-11051,https://securityvulnerability.io/vulnerability/CVE-2018-11051,RSA Certificate Manager Path Traversal Vulnerability,"RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.",Rsa,Certificate Manager Path Traversal Vulnerability,7.5,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2018-07-03T17:29:00.000Z,0
CVE-2018-1252,https://securityvulnerability.io/vulnerability/CVE-2018-1252,RSA Web Threat Detection SQL Injection Vulnerability,"RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.",Rsa,Web Threat Detection,8.8,HIGH,0.0017600000137463212,false,,false,false,false,,,false,false,,2018-06-05T12:29:00.000Z,0
CVE-2017-14377,https://securityvulnerability.io/vulnerability/CVE-2017-14377,,EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.,Rsa,Rsa Authentication Agent For Web For Apache Web Server Rsa Authentication Agent For Web: Apache Web Server Version 8.0 And Rsa Authentication Agent For Web: Apache Web Server Version 8.0.1 Prior To Build 618,9.8,CRITICAL,0.0041600000113248825,false,,false,false,false,,,false,false,,2017-11-29T18:00:00.000Z,0
CVE-2014-4627,https://securityvulnerability.io/vulnerability/CVE-2014-4627,,SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,Rsa,Web Threat Detection,8.8,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2014-11-07T11:00:00.000Z,0