Vulnerabilites related to emc - rsa_archer_egrc
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CD7F0766-FB33-4315-B02C-D92AE9B0F900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB8B9F-A96F-4B38-B7B5-4D923FCFDBAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en EMC RSA Archer GRC Platform 5.x anterior a 5.5 SP1 permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2014-2517",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T11:17:13.860",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69287"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95363"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-04 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.5 | |
| emc | rsa_archer_egrc | 5.5 | |
| emc | rsa_archer_egrc | 5.5.1 | |
| emc | rsa_archer_egrc | 5.5.1.3 | |
| emc | rsa_archer_egrc | 5.5.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB8B9F-A96F-4B38-B7B5-4D923FCFDBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0816F652-D874-4884-9F07-618304B75823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E25F9A8-0D26-4C4F-A5E1-F6895C3C1A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48E7FC43-B542-446C-B0C3-2397BA9A8654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files."
},
{
"lang": "es",
"value": "EMC RSA Archer GRC 5.5.x en versiones anteriores a 5.5.3.4 permite a usuarios remotos autenticados leer el archivo web.config.bak y obtener informaci\u00f3n sensible de credenciales, modificando la configuraci\u00f3n IIS para establecer una cabecera Content-Type para archivos .bak."
}
],
"id": "CVE-2016-0899",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-04T16:59:00.130",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2016/Jun/54"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1036080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2016/Jun/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036080"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.4.1.3 | |
| emc | rsa_archer_egrc | 5.5.1.1 | |
| emc | rsa_archer_egrc | 5.5.1.3.1 | |
| emc | rsa_archer_egrc | 5.5.2 | |
| emc | rsa_archer_egrc | 5.5.2.3 | |
| emc | rsa_archer_egrc | 5.5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
},
{
"lang": "es",
"value": "RSA Archer versiones 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 de EMC, est\u00e1 afectado por una exposici\u00f3n de informaci\u00f3n por medio de una vulnerabilidad de mensaje de error. Un atacante remoto con pocos privilegios puede explotar potencialmente esta vulnerabilidad para utilizar la informaci\u00f3n revelada en un mensaje de error para iniciar otro ataque m\u00e1s concentrado."
}
],
"id": "CVE-2017-5000",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T00:29:00.350",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account."
},
{
"lang": "es",
"value": "EMC RSA Archer GRC v5.x anterior a v5.4 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y completar un inicio de sesi\u00f3n mediante el aprovechamiento de una cuenta desactivada."
}
],
"id": "CVE-2013-3276",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-05T11:44:57.730",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 | |
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiple vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en el sitio remoto (XSS) en EMC RSA Archer SmartSuite Framework v4.x y RSA Archer GRC v5.x antes de 5.2SP1 permitir a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1064",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-06T12:05:42.130",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en EMC RSA Archer GRC v5.x anterior a v5.4 permite a atacantes remotos para redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-3277",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-05T11:44:57.780",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.4.1.3 | |
| emc | rsa_archer_egrc | 5.5.1.1 | |
| emc | rsa_archer_egrc | 5.5.1.3.1 | |
| emc | rsa_archer_egrc | 5.5.2 | |
| emc | rsa_archer_egrc | 5.5.2.3 | |
| emc | rsa_archer_egrc | 5.5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users\u0027 discussion forum messages."
},
{
"lang": "es",
"value": "RSA Archer versiones 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 de EMC, est\u00e1 afectado por una omisi\u00f3n de autorizaci\u00f3n por medio de una vulnerabilidad de clave controlada por el usuario en los Mensajes del Foro de Discusi\u00f3n. Un atacante remoto con pocos privilegios puede explotar potencialmente esta vulnerabilidad para elevar sus privilegios y visualizar los mensajes del foro de discusi\u00f3n de otros usuarios."
}
],
"id": "CVE-2017-4999",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T00:29:00.303",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.4.1.3 | |
| emc | rsa_archer_egrc | 5.5.1.1 | |
| emc | rsa_archer_egrc | 5.5.1.3.1 | |
| emc | rsa_archer_egrc | 5.5.2 | |
| emc | rsa_archer_egrc | 5.5.2.3 | |
| emc | rsa_archer_egrc | 5.5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user\u0027s privileges."
},
{
"lang": "es",
"value": "RSA Archer versiones 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 de EMC, est\u00e1 potencialmente afectado por una vulnerabilidad de tipo cross-site request forgery. Un atacante remoto con pocos privilegios puede explotar potencialmente la vulnerabilidad para ejecutar peticiones no autorizadas en nombre de la v\u00edctima, utilizando los privilegios del usuario autenticado."
}
],
"id": "CVE-2017-4998",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T00:29:00.243",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CD7F0766-FB33-4315-B02C-D92AE9B0F900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB8B9F-A96F-4B38-B7B5-4D923FCFDBAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en EMC RSA Archer GRC Platform 5.x anterior a 5.5 SP1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
}
],
"id": "CVE-2014-0641",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-20T11:17:13.673",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69289"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95361"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2025-04-12 10:46
Severity ?
Summary
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CD7F0766-FB33-4315-B02C-D92AE9B0F900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB8B9F-A96F-4B38-B7B5-4D923FCFDBAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors."
},
{
"lang": "es",
"value": "EMC RSA Archer GRC Platform 5.x anterior a 5.5 SP1 permite a usuarios remotos autenticados evadir las restricciones sobre el acceso a recursos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0640",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T11:17:13.610",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69288"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.4.1.3 | |
| emc | rsa_archer_egrc | 5.5.1.1 | |
| emc | rsa_archer_egrc | 5.5.1.3.1 | |
| emc | rsa_archer_egrc | 5.5.2 | |
| emc | rsa_archer_egrc | 5.5.2.3 | |
| emc | rsa_archer_egrc | 5.5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims\u0027 credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred."
},
{
"lang": "es",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 es afectado por una vulnerabilidad de redirecci\u00f3n. Un atacante remoto sin privilegios puede redireccionar a usuarios leg\u00edtimos y conducirles a un ataque de phishing. El atacante puede robar las credenciales de la v\u00edctima y autenticarse silenciosamente en la aplicaci\u00f3n RSA Archer sin que la victima se de cuenta del ataque."
}
],
"id": "CVE-2017-5002",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T00:29:00.447",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2025-04-11 00:51
Severity ?
Summary
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 | |
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
},
{
"lang": "es",
"value": "La pol\u00edtica Silverlight cross-domain en EMC RSA Archer SmartSuite Framework v4.x y vRSA Archer GRC v5.x anterior a v5.2SP1 no restringe el acceso a la aplicaci\u00f3n Archer, lo que permite a atacantes remotos eludir el Same Origin Policy mediante vectores desconocidos."
}
],
"id": "CVE-2012-2292",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-06T12:05:42.177",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2025-04-11 00:51
Severity ?
Summary
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 | |
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page."
},
{
"lang": "es",
"value": "EMC RSA Archer SmartSuite Framework 4.x y RSA Archer GRC v5.x anterior a v5.2SP1 permite a atacantes remotos llevar a cabo ataques de clickjacking mediante una p\u00e1gina web maliciosa."
}
],
"id": "CVE-2012-2294",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-06T12:05:42.270",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-07 12:23
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en EMC RSA Archer v5.x anterior a GRC 5.3SP1, y Archer Smart Suite Framework v4.x,, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-0933",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-07T12:23:43.997",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jun/49 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99354 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038815 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.4.1.3 | |
| emc | rsa_archer_egrc | 5.5.1.1 | |
| emc | rsa_archer_egrc | 5.5.1.3.1 | |
| emc | rsa_archer_egrc | 5.5.2 | |
| emc | rsa_archer_egrc | 5.5.2.3 | |
| emc | rsa_archer_egrc | 5.5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DD1233-DD85-441C-96BF-0C2F546E9460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CE57E4-7A97-433B-98BA-8D8348414207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB7C61B-6E97-456B-91FB-6B3456E5EBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A155A-42C9-47DC-ABC6-80E1AABF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93AC15A9-4869-4593-B06D-0111E625C94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77DD0FBE-D500-4A77-A440-5958EDF9678B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
},
{
"lang": "es",
"value": "RSA Archer versiones 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 de EMC, est\u00e1 afectado por una exposici\u00f3n de informaci\u00f3n por medio de una vulnerabilidad de mensaje de error. Un atacante remoto con pocos privilegios puede explotar potencialmente esta vulnerabilidad para utilizar la informaci\u00f3n revelada en un mensaje de error para iniciar otro ataque m\u00e1s centrado."
}
],
"id": "CVE-2017-5001",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T00:29:00.413",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038815"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-19 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades cross-site scripting (XSS) en EMC RSAArcher GRC 5.x anteriores a 5.4 SP1 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6178",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-19T22:55:04.400",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1029523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029523"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 | |
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en EMC RSA Archer SmartSuite Framework v4.x y RSA Archer GRC v5.x antes de v5.2SP1 permite a usuarios remotos autenticados subir archivos, y por lo tanto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una ruta relativa."
}
],
"id": "CVE-2012-2293",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-06T12:05:42.223",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-07 12:23
Modified
2025-04-11 00:51
Severity ?
Summary
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors."
},
{
"lang": "es",
"value": "EMC RSA Archer v5.x anterior a GRC v5.3SP1, y Archer Smart Suite Framework v4.x, permite a usuarios remotos autenticados eludir las restricciones de acceso y modificar informes globales mediante vectores desconocidos."
}
],
"id": "CVE-2013-0934",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-07T12:23:44.020",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0816F652-D874-4884-9F07-618304B75823",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users."
},
{
"lang": "es",
"value": "Vulnerabilidades de CSRF m\u00faltiples en EMC RSA Archer GRC 5.5 SP1 en versiones anteriores a P3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
}
],
"id": "CVE-2015-0542",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-20T10:59:05.670",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/85"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76404"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033300"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2025-04-12 10:46
Severity ?
Summary
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CD7F0766-FB33-4315-B02C-D92AE9B0F900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB8B9F-A96F-4B38-B7B5-4D923FCFDBAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product\u0027s functionality, via unspecified vectors."
},
{
"lang": "es",
"value": "EMC RSA Archer GRC Platform 5.x anterior a 5.5 SP1 permite a atacantes remotos provocar la descarga de c\u00f3digo arbitrario, y como consecuencia cambiar la funcionalidad del producto, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2505",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T11:17:13.720",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69290"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95360"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-25 22:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CD7F0766-FB33-4315-B02C-D92AE9B0F900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en EMC RSA Archer 5.x anterior a GRC 5.4 SP1 P3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0639",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-25T22:55:01.893",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/67602"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030281"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-12 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_egrc | 5.4 | |
| emc | rsa_archer_egrc | 5.5 | |
| emc | rsa_archer_egrc | 5.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE64AE-F24C-474E-B89E-952D10621F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB8B9F-A96F-4B38-B7B5-4D923FCFDBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E25F9A8-0D26-4C4F-A5E1-F6895C3C1A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en EMC RSA Archer GRC Platform 5.x anterior a 5.5.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-4633",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-12T18:59:02.397",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-07 12:23
Modified
2025-04-11 00:51
Severity ?
Summary
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | rsa_archer_egrc | 5.0 | |
| emc | rsa_archer_egrc | 5.1 | |
| emc | rsa_archer_egrc | 5.2 | |
| emc | rsa_archer_egrc | 5.3 | |
| emc | rsa_archer_smartsuite | 4.3 | |
| emc | rsa_archer_smartsuite | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C8BE8-3091-4E1B-AA6F-F05DD4EBEE0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "EMC RSA Archer v5.x anterior a GRC 5.3SP1, y Archer Smart Suite Framework v4.x, permite a atacantes remotos autenticados eludir las restricciones de acceso y subir ficheros de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2013-0932",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-07T12:23:42.127",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-2517 (GCVE-0-2014-2517)
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 10:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69287 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1030738 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95363 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69287"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "rsaarcher-cve20142517-priv-esc(95363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "69287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69287"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "rsaarcher-cve20142517-priv-esc(95363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69287"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "rsaarcher-cve20142517-priv-esc(95363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2517",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4999 (GCVE-0-2017-4999)
Vulnerability from cvelistv5
Published
2017-07-07 00:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authorization Bypass Through User-Controlled Key Vulnerability
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99354 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038815 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2017/Jun/49 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
Version: RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users\u0027 discussion forum messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass Through User-Controlled Key Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version": {
"version_data": [
{
"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users\u0027 discussion forum messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038815"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4999",
"datePublished": "2017-07-07T00:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2293 (GCVE-0-2012-2293)
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-09-16 22:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-06T11:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-2293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2012-2293",
"datePublished": "2013-02-06T11:00:00Z",
"dateReserved": "2012-04-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:36:29.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4633 (GCVE-0-2014-4633)
Vulnerability from cvelistv5
Published
2014-12-12 18:00
Modified
2024-08-06 11:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T18:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4633",
"datePublished": "2014-12-12T18:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5000 (GCVE-0-2017-5000)
Vulnerability from cvelistv5
Published
2017-07-07 00:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure Vulnerability
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99354 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038815 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2017/Jun/49 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
Version: RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-5000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version": {
"version_data": [
{
"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038815"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-5000",
"datePublished": "2017-07-07T00:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1064 (GCVE-0-2012-1064)
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-09-16 22:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-06T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1064",
"datePublished": "2013-02-06T11:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:26:21.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5001 (GCVE-0-2017-5001)
Vulnerability from cvelistv5
Published
2017-07-07 00:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross Site Scripting Vulnerability
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99354 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038815 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2017/Jun/49 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
Version: RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-5001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version": {
"version_data": [
{
"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038815"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-5001",
"datePublished": "2017-07-07T00:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5002 (GCVE-0-2017-5002)
Vulnerability from cvelistv5
Published
2017-07-07 00:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect Vulnerability
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99354 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038815 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2017/Jun/49 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
Version: RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims\u0027 credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-5002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version": {
"version_data": [
{
"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims\u0027 credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038815"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-5002",
"datePublished": "2017-07-07T00:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6178 (GCVE-0-2013-6178)
Vulnerability from cvelistv5
Published
2013-12-19 22:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1029523 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131219 ESA-2013-079: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html"
},
{
"name": "1029523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-06T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20131219 ESA-2013-079: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html"
},
{
"name": "1029523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-6178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131219 ESA-2013-079: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html"
},
{
"name": "1029523",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-6178",
"datePublished": "2013-12-19T22:00:00",
"dateReserved": "2013-10-21T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0640 (GCVE-0-2014-0640)
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 09:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95362 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1030738 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/69288 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rsaarcher-cve20140640-info-disc(95362)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "rsaarcher-cve20140640-info-disc(95362)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rsaarcher-cve20140640-info-disc(95362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0640",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0542 (GCVE-0-2015-0542)
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033300 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Aug/85 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76404 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033300"
},
{
"name": "20150817 ESA-2015-094: RSA Archer GRC Multiple Cross-Site Request Forgery Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/85"
},
{
"name": "76404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1033300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033300"
},
{
"name": "20150817 ESA-2015-094: RSA Archer GRC Multiple Cross-Site Request Forgery Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/85"
},
{
"name": "76404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033300"
},
{
"name": "20150817 ESA-2015-094: RSA Archer GRC Multiple Cross-Site Request Forgery Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/85"
},
{
"name": "76404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0542",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0639 (GCVE-0-2014-0639)
Vulnerability from cvelistv5
Published
2014-05-25 22:00
Modified
2024-08-06 09:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030281 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/67602 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030281",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030281"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html"
},
{
"name": "20140523 ESA-2014-021: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html"
},
{
"name": "67602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1030281",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030281"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html"
},
{
"name": "20140523 ESA-2014-021: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html"
},
{
"name": "67602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030281"
},
{
"name": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html"
},
{
"name": "20140523 ESA-2014-021: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html"
},
{
"name": "67602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0639",
"datePublished": "2014-05-25T22:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2292 (GCVE-0-2012-2292)
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-09-17 00:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-06T11:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-2292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2012-2292",
"datePublished": "2013-02-06T11:00:00Z",
"dateReserved": "2012-04-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:35:57.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0899 (GCVE-0-2016-0899)
Vulnerability from cvelistv5
Published
2016-07-04 16:00
Modified
2024-08-05 22:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2016/Jun/54 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1036080 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160613 ESA-2016-047: RSA Archer GRC Platform Sensitive Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Jun/54"
},
{
"name": "1036080",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160613 ESA-2016-047: RSA Archer GRC Platform Sensitive Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Jun/54"
},
{
"name": "1036080",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036080"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160613 ESA-2016-047: RSA Archer GRC Platform Sensitive Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jun/54"
},
{
"name": "1036080",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036080"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0899",
"datePublished": "2016-07-04T16:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3276 (GCVE-0-2013-3276)
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-17 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-05T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3276",
"datePublished": "2013-09-05T10:00:00Z",
"dateReserved": "2013-04-26T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:45.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0933 (GCVE-0-2013-0933)
Vulnerability from cvelistv5
Published
2013-05-07 10:00
Modified
2024-09-17 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-07T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0933",
"datePublished": "2013-05-07T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-17T02:32:19.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0932 (GCVE-0-2013-0932)
Vulnerability from cvelistv5
Published
2013-05-07 10:00
Modified
2024-09-17 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-07T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0932",
"datePublished": "2013-05-07T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-17T00:10:35.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0641 (GCVE-0-2014-0641)
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 09:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69289 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95361 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1030738 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:20.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69289"
},
{
"name": "rsaarcher-cve20140641-csrf (95361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95361"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "69289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69289"
},
{
"name": "rsaarcher-cve20140641-csrf (95361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95361"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69289"
},
{
"name": "rsaarcher-cve20140641-csrf (95361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95361"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0641",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:20.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4998 (GCVE-0-2017-4998)
Vulnerability from cvelistv5
Published
2017-07-07 00:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Request Forgery Vulnerability
Summary
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99354 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038815 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2017/Jun/49 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
Version: RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user\u0027s privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "99354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version": {
"version_data": [
{
"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user\u0027s privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038815"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4998",
"datePublished": "2017-07-07T00:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0934 (GCVE-0-2013-0934)
Vulnerability from cvelistv5
Published
2013-05-07 10:00
Modified
2024-09-16 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-07T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0934",
"datePublished": "2013-05-07T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T17:49:17.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2505 (GCVE-0-2014-2505)
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 10:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95360 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1030738 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/69290 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rsaarcher-cve20142505-code-exec(95360)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95360"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product\u0027s functionality, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "rsaarcher-cve20142505-code-exec(95360)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95360"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product\u0027s functionality, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rsaarcher-cve20142505-code-exec(95360)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95360"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2505",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2294 (GCVE-0-2012-2294)
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-09-16 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-06T11:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2012-2294",
"datePublished": "2013-02-06T11:00:00Z",
"dateReserved": "2012-04-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:32:27.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3277 (GCVE-0-2013-3277)
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-17 02:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:36.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-05T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3277",
"datePublished": "2013-09-05T10:00:00Z",
"dateReserved": "2013-04-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:41:12.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}