
    4 vulnerabilities found for archer_grc_platform by emc

    CVE-2017-8025 (GCVE-0-2017-8025)

    Vulnerability from nvd – Published: 2017-10-11 19:00 – Updated: 2024-08-05 16:19
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary File Upload Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entry, x_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entry, x_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Upload Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8025",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Upload Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8025",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8016 (GCVE-0-2017-8016)

    Vulnerability from nvd – Published: 2017-10-11 19:00 – Updated: 2024-08-05 16:19
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039518 vdb-entry, x_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform versions prior to 6.2.0.5 Affected: RSA Archer GRC Platform versions prior to 6.2.0.5
    Date Public
    2017-10-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform versions prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform versions prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8016",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8016 (GCVE-0-2017-8016)

    Vulnerability from cvelistv5 – Published: 2017-10-11 19:00 – Updated: 2024-08-05 16:19
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039518 vdb-entry, x_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform versions prior to 6.2.0.5 Affected: RSA Archer GRC Platform versions prior to 6.2.0.5
    Date Public
    2017-10-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform versions prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform versions prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8016",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8025 (GCVE-0-2017-8025)

    Vulnerability from cvelistv5 – Published: 2017-10-11 19:00 – Updated: 2024-08-05 16:19
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary File Upload Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entry, x_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entry, x_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Upload Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8025",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Upload Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8025",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }