RSA Archer
33 CVEs affecting RSA Archer. Latest disclosed: 2022-08-25. Critical: 2, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-3758 | Critical | 9.8 | 2019-09-18 | RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts wi… |
| CVE-2022-30584 | Critical | 9.6 | 2022-05-26 | Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited… |
| CVE-2020-5331 | High | 8.8 | 2020-05-04 | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache… |
| CVE-2018-11060 | High | 8.8 | 2018-07-24 | RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potent… |
| CVE-2020-5334 | High | 8.2 | 2020-05-04 | RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attac… |
| CVE-2018-11059 | High | 8.2 | 2018-07-24 | RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially expl… |
| CVE-2022-37317 | High | 7.6 | 2022-08-25 | Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tr… |
| CVE-2021-33615 | High | 7.5 | 2022-06-02 | RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. |
| CVE-2020-5332 | High | 7.2 | 2020-05-04 | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could… |
| CVE-2022-37318 | High | 7.0 | 2022-08-25 | Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially ex… |
| CVE-2022-37316 | Medium | 6.5 | 2022-08-25 | Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present u… |
| CVE-2022-30585 | Medium | 6.5 | 2022-05-26 | The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentia… |
| CVE-2021-38362 | Medium | 6.5 | 2022-03-30 | In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct O… |
| CVE-2022-26951 | Medium | 6.5 | 2022-03-30 | Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this v… |
| CVE-2021-41594 | Medium | 6.5 | 2022-03-30 | In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2… |
| CVE-2019-3756 | Medium | 6.5 | 2019-09-18 | RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to… |
| CVE-2022-26947 | Medium | 6.3 | 2022-03-30 | Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulner… |
| CVE-2020-26884 | Medium | 6.1 | 2020-11-18 | RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability… |
| CVE-2022-26948 | Medium | 5.8 | 2022-03-30 | The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may… |
| CVE-2021-33616 | Medium | 5.4 | 2022-04-04 | RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. |