cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25066,https://securityvulnerability.io/vulnerability/CVE-2024-25066,XML External Entity Vulnerability in RSA Authentication Manager,"The RSA Authentication Manager prior to version 8.7 SP2 Patch 1 is susceptible to XML External Entity (XXE) attacks. This vulnerability allows an attacker to manipulate license files in a way that permits unauthorized access to files on the server hosting the product. Although data exfiltration is not possible, the presence of attacker-controlled files can lead to potential unauthorized information exposure and integrity issues, posing serious risks to the overall security posture of the affected systems.",Rsa,Authentication Manager,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-02-17T00:00:00.000Z,0
CVE-2024-28058,https://securityvulnerability.io/vulnerability/CVE-2024-28058,Broken Access Control Vulnerability in RSA NetWitness Platform,"In RSA NetWitness Platform versions prior to 12.5.1, a serious flaw exists that enables an internal threat actor to circumvent access controls. Even after an administrator revokes a user's access, the system does not fully terminate the user's session, allowing unauthorized access to sensitive data. This vulnerability highlights the importance of robust session management and the need for constant vigilance in safeguarding user permissions.",RSA Security,RSA NetWitness Platform,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:15:00.000Z,0
CVE-2024-23169,https://securityvulnerability.io/vulnerability/CVE-2024-23169,Cross-Site Scripting Vulnerability in RSA NetWitness Web Interface,"The web interface of RSA NetWitness version 11.7.2.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises during the creation of new rules within the Reports screen, specifically through the input field labeled 'Where.' Attackers can exploit this vulnerability to inject arbitrary scripts, which may lead to unauthorized data access, session hijacking, or the execution of malicious actions in the context of the user's session. It is crucial for users and administrators of RSA NetWitness to be aware of this vulnerability and apply necessary precautions to mitigate potential exploitation.",RSA Security,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T19:15:00.000Z,0
CVE-2024-34090,https://securityvulnerability.io/vulnerability/CVE-2024-34090,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA,"A vulnerability exists in Archer Platform 6 prior to version 2024.04, specifically within the Archer Control Panel (ACP), where content in the login banner is not escaped correctly, leading to stored cross-site scripting (XSS). This issue enables attackers to inject malicious scripts, potentially compromising user sessions and data. As of version 6.14 P3 (6.14.0.3), the vulnerability has been addressed, reinforcing the importance of updating to secure environments.",RSA,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-34091,https://securityvulnerability.io/vulnerability/CVE-2024-34091,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA,"A stored cross-site scripting (XSS) vulnerability has been identified in the Archer Platform 6 prior to version 2024.04. This flaw allows a remote authenticated user to inject and store malicious HTML or JavaScript code within a trusted application data store. When other users access this data store through their browsers, the injected malicious code executes unexpectedly, leading to unauthorized actions, data manipulation, or content inaccessibility. The vulnerability impacts user security and can compromise application integrity, making it critical for affected users to upgrade to the fixed version 6.14 P3 (6.14.0.3) to mitigate associated risks.",RSA,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-34089,https://securityvulnerability.io/vulnerability/CVE-2024-34089,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA Security,"A stored cross-site scripting (XSS) vulnerability is present in the Archer Platform versions prior to 2024.04, allowing remote authenticated users to exploit this flaw. Affected users can inject malicious HTML or JavaScript into the application data store, leading to execution of the code when other users access the compromised data. This issue is particularly concerning for organizations relying on the Archer Platform for critical operational functions, as it may lead to session hijacking, data manipulation, or other malicious actions when unprivileged users access the content.",RSA Security,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-34092,https://securityvulnerability.io/vulnerability/CVE-2024-34092,Authentication Flaw in Archer Platform Affects User Sessions,"A significant vulnerability exists in the Archer Platform 6 that affects proper session management due to an oversight in authentication handling. Specifically, the platform failed to terminate existing sessions effectively, exposing users to potential unauthorized access. This issue is present in versions prior to 2024.04, including 6.14 P3 (6.14.0.3), making it essential for users to update their systems promptly to mitigate risks associated with this vulnerability.",RSA Security,Archer Platform,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2024-2467,https://securityvulnerability.io/vulnerability/CVE-2024-2467,Timing-Based Side-Channel Flaw in PKCS#1v1.5 RSA Encryption Padding Mode Could Lead to Decryption,"A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.",perl-Crypt-OpenSSL-RSA,,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2024-26313,https://securityvulnerability.io/vulnerability/CVE-2024-26313,Stored Cross-Site Scripting Vulnerability in Archer Platform by RSA,"The Archer Platform versions prior to 6.14 P2 HF2 (6.14.0.2.2) and 6.13.P3 HF1 (6.13.0.3.1) are susceptible to a stored cross-site scripting (XSS) vulnerability. This flaw permits a remote authenticated malicious user to inject and store harmful HTML or JavaScript code within a trusted data store of the application. When other users access this stored information, their web browsers may inadvertently execute the malicious script within the context of the vulnerable application, potentially compromising user data and security.",RSA,,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-08T00:00:00.000Z,0
CVE-2024-26309,https://securityvulnerability.io/vulnerability/CVE-2024-26309,Sensitive Information Disclosure in Archer Platform by RSA,"The Archer Platform version 6.x prior to 6.14 P2 HF2 is susceptible to a sensitive information disclosure vulnerability. This flaw allows unauthenticated attackers to gain access to sensitive information through an internal URL, potentially compromising data security. Organizations using the affected versions should apply necessary updates to mitigate this risk.",RSA,Archer Platform,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-08T00:00:00.000Z,0
CVE-2024-26310,https://securityvulnerability.io/vulnerability/CVE-2024-26310,Improper Access Control in Archer Platform by RSA Security,"The Archer Platform 6.8, prior to version 6.14 P2 (6.14.0.2), suffers from an improper access control vulnerability. This issue allows a remote authenticated user to exploit the system, potentially gaining unauthorized access to sensitive API information intended for users with higher privileges. Organizations utilizing the affected versions should prioritize updating to mitigate the risk associated with this vulnerability.",RSA Security,Archer Platform,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-21T00:00:00.000Z,0
CVE-2024-26311,https://securityvulnerability.io/vulnerability/CVE-2024-26311,Reflected XSS Vulnerability in Archer Platform by RSA,"The Archer Platform versions prior to 6.14 P2 HF1 (6.14.0.2.1) are susceptible to a reflected XSS vulnerability. This issue allows a remote authenticated attacker to craft a malicious JavaScript payload that can be injected into the web application's response. If a victim user is tricked into executing this payload, the attacker's script is run in the context of the victim’s session. This could lead to unauthorized actions being performed on behalf of the user, potentially compromising sensitive data and operational integrity.",RSA,Archer Platform,5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-21T00:00:00.000Z,0
CVE-2022-47529,https://securityvulnerability.io/vulnerability/CVE-2022-47529,Insecure Memory Object Vulnerability in RSA NetWitness Platform,"The RSA NetWitness Platform prior to version 12.2 contains a critical vulnerability due to insecure Win32 memory objects. This flaw allows local and administrative Windows users to alter the configuration of the endpoint agent service. As a result, they can completely disable the service or execute arbitrary code, enabling them to circumvent built-in tamper-protection mechanisms through modifications to Access Control Lists (ACLs). This vulnerability underscores the importance of proper access controls and highlights potential risks in endpoint security configurations.",Rsa,Netwitness,6.7,MEDIUM,0.000859999970998615,false,,false,false,true,2023-03-24T22:50:26.000Z,true,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2022-37317,https://securityvulnerability.io/vulnerability/CVE-2022-37317,HTML Injection Vulnerability in Archer Platform by RSA,"The Archer Platform prior to version 6.11 P3 contains an HTML injection vulnerability, allowing authenticated remote attackers to potentially execute malicious code in the context of the web application. This exploitation occurs when a victim user is deceived into interacting with compromised content. Patches have been released in version 6.10 P4 and 6.11 P2 HF4 to address this issue. For more information, you can visit the RSA security advisory.",Rsa,Archer,7.6,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2022-37318,https://securityvulnerability.io/vulnerability/CVE-2022-37318,Reflected XSS Vulnerability in Archer Platform by RSA Security,"The Archer Platform versions 6.9 SP2 P2 prior to 6.11 P3, along with 6.10 P4 and 6.11 P2 HF4, contain a reflected cross-site scripting (XSS) vulnerability. This issue allows an unauthenticated remote attacker to inject malicious JavaScript code into a web application. If successfully executed, this code can be reflected back to the user’s browser, leading to potential manipulation of user sessions and unauthorized access to sensitive information. Users should upgrade to the fixed versions to mitigate this risk.",Rsa,Archer,7,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2022-37316,https://securityvulnerability.io/vulnerability/CVE-2022-37316,Improper API Access Control in Archer Platform by RSA Security,"The Archer Platform, developed by RSA Security, is susceptible to an improper API access control vulnerability within its multi-instance environment. This issue could allow an authenticated user to access unauthorized metadata, which poses a risk of data exposure. The vulnerability affects versions prior to 6.11 P3 (6.11.0.3) and also includes 6.10 P3 HF1 (6.10.0.3.1). Users are advised to update to the latest versions to mitigate any risks associated with this vulnerability.",Rsa,Archer,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-25T23:15:00.000Z,0
CVE-2021-33615,https://securityvulnerability.io/vulnerability/CVE-2021-33615,Unrestricted File Upload Vulnerability in RSA Archer by RSA Security,"RSA Archer versions including 6.8.00500.1003 P5 are susceptible to a vulnerability that allows for the unrestricted upload of files with dangerous types. This weakness can expose the system to various attacks, such as executing malicious scripts or introducing harmful files to the server, posing significant security risks. It is crucial for users of affected versions to apply the necessary updates and security patches to mitigate potential threats.",Rsa,Archer,7.5,HIGH,0.0027600000612437725,false,,false,false,false,,,false,false,,2022-06-02T12:32:07.000Z,0
CVE-2022-30584,https://securityvulnerability.io/vulnerability/CVE-2022-30584,Improper Access Control in Archer Platform by RSA,"The Archer Platform prior to version 6.11 contains an improper access control vulnerability in its SSO ADFS functionality. This flaw could potentially be exploited by attackers, allowing them to gain unauthorized access to sensitive resources or manipulate the system in unintended ways. Users are encouraged to upgrade to the latest versions to mitigate the risks associated with this vulnerability.",Rsa,Archer,9.6,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-05-26T19:18:55.000Z,0
CVE-2022-30585,https://securityvulnerability.io/vulnerability/CVE-2022-30585,Authorization Bypass Vulnerability in Archer Platform by RSA Security,"The Archer Platform, developed by RSA Security, contains an authorization bypass vulnerability in its REST API, present in versions prior to 6.11. This flaw allows a remote authenticated malicious user to exploit the system, potentially gaining unauthorized access to sensitive information. Fixes have been issued in releases 6.10 P3 and 6.9 SP3 P4 to mitigate this security risk.",Rsa,Archer,6.5,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2022-05-26T19:18:49.000Z,0
CVE-2021-33616,https://securityvulnerability.io/vulnerability/CVE-2021-33616,Stored XSS in RSA Archer from RSA Security,"The vulnerability discovered in RSA Archer permits attackers to exploit stored XSS, allowing malicious scripts to be executed in the context of a user's session. This can lead to unauthorized data access, session hijacking, and further exploitation of user privileges. Versions affected include RSA Archer 6.x and up to 6.9 SP1 P4 (6.9.1.4). Organizations utilizing these versions should prioritize applying security patches and updating their systems to mitigate the risks associated with this flaw.",Rsa,Archer,5.4,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-04-04T11:51:06.000Z,0
CVE-2021-38362,https://securityvulnerability.io/vulnerability/CVE-2021-38362,Insecure Direct Object Reference in RSA Archer by RSA Security,"An IDOR vulnerability exists in RSA Archer, allowing authenticated attackers to exploit a REST API endpoint. By making a specially crafted GET request, these attackers can bypass access controls and gain unauthorized access to sensitive information. This poses a significant risk as it may expose sensitive data that should only be available to authorized users.",Rsa,Archer,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2022-03-30T21:43:55.000Z,0
CVE-2022-26947,https://securityvulnerability.io/vulnerability/CVE-2022-26947,Reflected XSS Vulnerability in Archer Product by RSA,"The Archer product by RSA versions 6.x up to 6.9 SP3 (6.9.3.0) is susceptible to a reflected XSS vulnerability. This occurs when a remote authenticated user can exploit the flaw by persuading another user to execute malicious HTML or JavaScript within the Archer web application. As the code is reflected back to the victim's browser, it runs in the context of the vulnerable application, potentially compromising user interactions and sensitive data.",Rsa,Archer,6.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2022-26950,https://securityvulnerability.io/vulnerability/CVE-2022-26950,Open Redirect Vulnerability in Archer Product by RSA,"The Archer product by RSA suffers from an open redirect vulnerability that allows remote, unprivileged attackers to redirect users to arbitrary websites. This exploitation can facilitate phishing attacks, potentially resulting in credential theft. Users may unwittingly be directed to malicious sites, leading to unauthorized access as the attacker could manipulate the authentication process without the victim's awareness, compromising information security.",Rsa,Archer,5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2021-41594,https://securityvulnerability.io/vulnerability/CVE-2021-41594,Access Control Bypass in RSA Archer by RSA,"In RSA Archer 6.9.SP1 P3, an access control vulnerability exists that allows an attacker to bypass user permissions. This issue arises when an Administrator restricts certain application functions. An attacker can exploit this by intercepting API requests directed at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. By replacing parameters in the request with empty fields, the attacker gains unauthorized access to restricted functions, potentially compromising sensitive data and operations.",Rsa,Archer,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0
CVE-2022-26951,https://securityvulnerability.io/vulnerability/CVE-2022-26951,Reflected XSS in Archer 6.x by RSA,"The Archer product line from RSA, specifically versions 6.0 through 6.10, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This weakness allows an attacker to exploit the system by tricking a user of the application into entering malicious HTML or JavaScript code. When these malicious inputs are processed by the vulnerable web application, they are reflected back to the victim’s web browser for execution within the context of the Archer application, potentially compromising user data and session integrity.",Rsa,Archer,6.5,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-03-30T00:15:00.000Z,0