RSA Archer

33 CVEs affecting RSA Archer. Latest disclosed: 2022-08-25. Critical: 2, High: 8.

Top CVEs affecting RSA Archer
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2019-3758 | Critical | 9.8 | 2019-09-18 | RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts wi… |
| CVE-2022-30584 | Critical | 9.6 | 2022-05-26 | Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited… |
| CVE-2020-5331 | High | 8.8 | 2020-05-04 | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache… |
| CVE-2018-11060 | High | 8.8 | 2018-07-24 | RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potent… |
| CVE-2020-5334 | High | 8.2 | 2020-05-04 | RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attac… |
| CVE-2018-11059 | High | 8.2 | 2018-07-24 | RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially expl… |
| CVE-2022-37317 | High | 7.6 | 2022-08-25 | Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tr… |
| CVE-2021-33615 | High | 7.5 | 2022-06-02 | RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. |
| CVE-2020-5332 | High | 7.2 | 2020-05-04 | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could… |
| CVE-2022-37318 | High | 7.0 | 2022-08-25 | Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially ex… |
| CVE-2022-37316 | Medium | 6.5 | 2022-08-25 | Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present u… |
| CVE-2022-30585 | Medium | 6.5 | 2022-05-26 | The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentia… |
| CVE-2021-38362 | Medium | 6.5 | 2022-03-30 | In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct O… |
| CVE-2022-26951 | Medium | 6.5 | 2022-03-30 | Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this v… |
| CVE-2021-41594 | Medium | 6.5 | 2022-03-30 | In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2… |
| CVE-2019-3756 | Medium | 6.5 | 2019-09-18 | RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to… |
| CVE-2022-26947 | Medium | 6.3 | 2022-03-30 | Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulner… |
| CVE-2020-26884 | Medium | 6.1 | 2020-11-18 | RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability… |
| CVE-2022-26948 | Medium | 5.8 | 2022-03-30 | The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may… |
| CVE-2021-33616 | Medium | 5.4 | 2022-04-04 | RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. |