Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for archer_grc_platform by rsa

    CVE-2019-3715 (GCVE-0-2019-3715)

    Vulnerability from cvelistv5 – Published: 2019-03-13 22:00 – Updated: 2024-09-16 18:43
    VLAI
    Title
    Information Exposure Vulnerability
    Summary
    RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.
    CWE
    • Information Exposure Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2019/Mar/19 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/107443 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Dell RSA Archer Affected: unspecified , < 6.5 P1 (custom)
    Create a notification for this product.
    Date Public
    2019-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
              },
              {
                "name": "107443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "6.5 P1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-18T12:06:05.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
            },
            {
              "name": "107443",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107443"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Exposure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-03-09T05:00:00.000Z",
              "ID": "CVE-2019-3715",
              "STATE": "PUBLIC",
              "TITLE": "Information Exposure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.5 P1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
                },
                {
                  "name": "107443",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107443"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3715",
        "datePublished": "2019-03-13T22:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:43:54.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3716 (GCVE-0-2019-3716)

    Vulnerability from cvelistv5 – Published: 2019-03-13 22:00 – Updated: 2024-09-16 22:39
    VLAI
    Title
    Information Exposure Vulnerability
    Summary
    RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.
    CWE
    • Information Exposure Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2019/Mar/19 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/107406 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Dell RSA Archer Affected: unspecified , < 6.5 P2 (custom)
    Create a notification for this product.
    Date Public
    2019-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
              },
              {
                "name": "107406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107406"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "6.5 P2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-15T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
            },
            {
              "name": "107406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107406"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Exposure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-03-09T05:00:00.000Z",
              "ID": "CVE-2019-3716",
              "STATE": "PUBLIC",
              "TITLE": "Information Exposure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.5 P2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
                },
                {
                  "name": "107406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107406"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3716",
        "datePublished": "2019-03-13T22:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:39:54.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15780 (GCVE-0-2018-15780)

    Vulnerability from cvelistv5 – Published: 2019-01-03 21:00 – Updated: 2024-09-17 03:37
    VLAI
    Title
    DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability
    Summary
    RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.
    CWE
    • improper access control vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/106396 vdb-entryx_refsource_BID
    https://seclists.org/fulldisclosure/2019/Jan/3 mailing-listx_refsource_FULLDISC
    Impacted products
    Vendor Product Version
    Dell RSA Archer Affected: unspecified , < 6.5.0.1 (custom)
    Create a notification for this product.
    Date Public
    2018-12-28 00:00
    Credits
    RSA would like to thank Sam Sayen for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106396"
              },
              {
                "name": "20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2019/Jan/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "6.5.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RSA would like to thank Sam Sayen for reporting this vulnerability."
            }
          ],
          "datePublic": "2018-12-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "improper access control vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-04T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "106396",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106396"
            },
            {
              "name": "20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Jan/3"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-28T06:59:00.000Z",
              "ID": "CVE-2018-15780",
              "STATE": "PUBLIC",
              "TITLE": "DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.5.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "RSA would like to thank Sam Sayen for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "improper access control vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106396",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106396"
                },
                {
                  "name": "20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2019/Jan/3"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15780",
        "datePublished": "2019-01-03T21:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:26.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14370 (GCVE-0-2017-14370)

    Vulnerability from cvelistv5 – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform versions prior to 6.2.0.5 Affected: RSA Archer GRC Platform versions prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform versions prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14370",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform versions prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14370",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14371 (GCVE-0-2017-14371)

    Vulnerability from cvelistv5 – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Reflected Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14371",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14369 (GCVE-0-2017-14369)

    Vulnerability from cvelistv5 – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14369",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14372 (GCVE-0-2017-14372)

    Vulnerability from cvelistv5 – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Reflected Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14372",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3716 (GCVE-0-2019-3716)

    Vulnerability from nvd – Published: 2019-03-13 22:00 – Updated: 2024-09-16 22:39
    VLAI
    Title
    Information Exposure Vulnerability
    Summary
    RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.
    CWE
    • Information Exposure Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2019/Mar/19 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/107406 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Dell RSA Archer Affected: unspecified , < 6.5 P2 (custom)
    Create a notification for this product.
    Date Public
    2019-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
              },
              {
                "name": "107406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107406"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "6.5 P2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-15T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
            },
            {
              "name": "107406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107406"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Exposure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-03-09T05:00:00.000Z",
              "ID": "CVE-2019-3716",
              "STATE": "PUBLIC",
              "TITLE": "Information Exposure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.5 P2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
                },
                {
                  "name": "107406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107406"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3716",
        "datePublished": "2019-03-13T22:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:39:54.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3715 (GCVE-0-2019-3715)

    Vulnerability from nvd – Published: 2019-03-13 22:00 – Updated: 2024-09-16 18:43
    VLAI
    Title
    Information Exposure Vulnerability
    Summary
    RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.
    CWE
    • Information Exposure Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2019/Mar/19 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/107443 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Dell RSA Archer Affected: unspecified , < 6.5 P1 (custom)
    Create a notification for this product.
    Date Public
    2019-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
              },
              {
                "name": "107443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "6.5 P1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-18T12:06:05.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
            },
            {
              "name": "107443",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107443"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Exposure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-03-09T05:00:00.000Z",
              "ID": "CVE-2019-3715",
              "STATE": "PUBLIC",
              "TITLE": "Information Exposure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.5 P1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2019/Mar/19"
                },
                {
                  "name": "107443",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107443"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3715",
        "datePublished": "2019-03-13T22:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:43:54.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15780 (GCVE-0-2018-15780)

    Vulnerability from nvd – Published: 2019-01-03 21:00 – Updated: 2024-09-17 03:37
    VLAI
    Title
    DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability
    Summary
    RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.
    CWE
    • improper access control vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/106396 vdb-entryx_refsource_BID
    https://seclists.org/fulldisclosure/2019/Jan/3 mailing-listx_refsource_FULLDISC
    Impacted products
    Vendor Product Version
    Dell RSA Archer Affected: unspecified , < 6.5.0.1 (custom)
    Create a notification for this product.
    Date Public
    2018-12-28 00:00
    Credits
    RSA would like to thank Sam Sayen for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106396"
              },
              {
                "name": "20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2019/Jan/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "6.5.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RSA would like to thank Sam Sayen for reporting this vulnerability."
            }
          ],
          "datePublic": "2018-12-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "improper access control vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-04T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "106396",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106396"
            },
            {
              "name": "20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Jan/3"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-28T06:59:00.000Z",
              "ID": "CVE-2018-15780",
              "STATE": "PUBLIC",
              "TITLE": "DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.5.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "RSA would like to thank Sam Sayen for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "improper access control vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106396",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106396"
                },
                {
                  "name": "20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2019/Jan/3"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15780",
        "datePublished": "2019-01-03T21:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:26.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14372 (GCVE-0-2017-14372)

    Vulnerability from nvd – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Reflected Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14372",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14371 (GCVE-0-2017-14371)

    Vulnerability from nvd – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Reflected Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14371",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14370 (GCVE-0-2017-14370)

    Vulnerability from nvd – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross Site Scripting
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform versions prior to 6.2.0.5 Affected: RSA Archer GRC Platform versions prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform versions prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14370",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform versions prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform versions prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user\u0027s browser session in the context of the affected RSA Archer application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14370",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14369 (GCVE-0-2017-14369)

    Vulnerability from nvd – Published: 2017-10-11 19:00 – Updated: 2024-08-05 19:27
    VLAI
    Summary
    RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101195 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039518 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Oct/12 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a RSA Archer GRC Platform prior to 6.2.0.5 Affected: RSA Archer GRC Platform prior to 6.2.0.5
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101195"
              },
              {
                "name": "1039518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Archer GRC Platform prior to 6.2.0.5",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA Archer GRC Platform prior to 6.2.0.5"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-12T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "101195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101195"
            },
            {
              "name": "1039518",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-14369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101195"
                },
                {
                  "name": "1039518",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039518"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Oct/12",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Oct/12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-14369",
        "datePublished": "2017-10-11T19:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:27:40.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }