threatengine.sh
rsa archer
61 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-27893
>= 6.0.0.0 and <= 6.14.00202.10024
In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fiel
1.8
LOW
CVE-2024-49211
>= 6.3.0.0 and < 2024.09
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remot
5.2
MEDIUM
CVE-2024-49210
>= 6.3.0.0 and < 2024.09
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unau
5.2
MEDIUM
CVE-2024-49209
>= 2024.03 and < 2024.09
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting appl
6.5
MEDIUM
CVE-2024-49208
>= 2024.03 and < 2024.08
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting applicat
5.9
MEDIUM
CVE-2024-41707
< 2024.06
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote auth
4.8
MEDIUM
CVE-2024-41706
< 6.14.0.4
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could
7.3
HIGH
CVE-2024-41705
< 6.13.0.4
A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potent
7.1
HIGH
CVE-2024-34093
< 2024.03
An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthent
5.3
MEDIUM
CVE-2024-34092
< 6.14.0.3
An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an exist
8.8
HIGH
CVE-2024-34091
< 6.14.0.3
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote
7.3
HIGH
CVE-2024-34090
< 6.14.0.3
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login
7.3
HIGH
CVE-2024-34089
< 6.14.0.3
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote
7.3
HIGH
CVE-2024-26312
< 2024.03
Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potent
4.3
MEDIUM
CVE-2024-26313
< 6.13.0.3.1
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authentic
7.3
HIGH
CVE-2024-26309
>= 6.3.0.0 and < 6.14.0.2.2
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated
5.3
MEDIUM
CVE-2024-26311
< 6.14.0.2.1
Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Arche
5.7
MEDIUM
CVE-2024-26310
< 6.14.0.2
Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious
4.3
MEDIUM
CVE-2023-48642
>= 6.0.0 and < 6.14.0
Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticat
5.4
MEDIUM
CVE-2023-48641
< 6.14.0.1.2
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated m
7.5
HIGH
CVE-2023-45358
>= 6.0 and < 6.13.0.2.2
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authentic
8.5
HIGH
CVE-2023-45357
>= 6.0 and < 6.13.0.2.2
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated at
4.3
MEDIUM
CVE-2023-37224
< 6.13.0.1
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive in
6.0
MEDIUM
CVE-2023-37223
< 6.13.0
Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote aut
5.4
MEDIUM
CVE-2023-32761
< 6.12.0.6
Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an au
8.1
HIGH
CVE-2023-32760
< 6.12.0.6
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive in
7.7
HIGH
CVE-2023-32759
< 6.12.0.6
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive in
7.5
HIGH
CVE-2023-30639
>= 6.8.0.0 and <= 6.11.0.4
Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer u
7.1
HIGH
CVE-2022-37318
>= 6.9.2.2 and < 6.10.0.4
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Arc
7.0
HIGH
CVE-2022-37317
>= 6.0 and < 6.10.0.4
Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exp
7.6
HIGH
CVE-2022-37316
>= 6.8 and < 6.10.0.3.1
Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system tha
6.5
MEDIUM
CVE-2021-33615
>= 6.0.0 and < 6.9.3.4
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.
7.5
HIGH
CVE-2022-30585
>= 6.3 and < 6.9.3.4
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated
6.5
MEDIUM
CVE-2022-30584
>= 6.3 and < 6.9.3.4
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that co
9.6
CRITICAL
CVE-2021-33616
>= 6.1.0.0 and <= 6.9.1.4
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
5.4
MEDIUM
CVE-2021-38362
>= 6.1.0.0 and < 6.9.3.0.1
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulne
6.5
MEDIUM
CVE-2022-26951
>= 6.1.0.0 and < 6.10.0.1
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user cou
6.5
MEDIUM
CVE-2022-26950
>= 6.1.0.0 and < 6.9.0.3
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially
5.4
MEDIUM
CVE-2022-26949
>= 6.1.0.0 and < 6.9.2.2
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated m
5.3
MEDIUM
CVE-2022-26948
>= 6.1.0.0 and < 6.9.1.1
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerabili
5.8
MEDIUM
CVE-2022-26947
>= 6.1.0.0 and < 6.9.3.1
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could po
6.3
MEDIUM
CVE-2021-41594
>= 6.1.0.0 and < 6.9.3.3
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting t
6.5
MEDIUM
CVE-2021-29253
>= 6.4 and < 6.6.0.8
The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vuln
5.1
MEDIUM
CVE-2021-29252
>= 6.6 and < 6.6.0.8
RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with acce
5.4
MEDIUM
CVE-2020-29538
>= 6.6 and < 6.6.0.8
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious admin
4.9
MEDIUM
CVE-2020-29537
>= 6.6 and < 6.6.0.8
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirec
4.6
MEDIUM
CVE-2020-29536
>= 6.6 and < 6.6.0.8
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access
4.3
MEDIUM
CVE-2020-29535
>= 6.6 and < 6.6.0.8
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially
5.3
MEDIUM
CVE-2020-26884
>= 6.8 and <= 6.8.0.3
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentiall
6.1
MEDIUM
CVE-2020-5337
< 6.7.0.1
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could p
4.6
MEDIUM
CVE-2020-5336
< 6.7.0.1
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potential
4.6
MEDIUM
CVE-2020-5335
< 6.7.0.2
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attac
5.0
MEDIUM
CVE-2020-5334
< 6.7.0.2
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a Document Object Model (DOM) based cross-site scripting vulnerability. A
8.2
HIGH
CVE-2020-5333
< 6.7.0.3
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authentica
4.3
MEDIUM
CVE-2020-5332
< 6.7.0.3
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with ad
7.2
HIGH
CVE-2020-5331
< 6.7.0.3
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could
8.8
HIGH
CVE-2019-3758
< 6.6.0.2
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmi
9.8
CRITICAL
CVE-2019-3756
< 6.6.0.3
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backe
6.5
MEDIUM
CVE-2018-11065
>= 6.1.0.0 and < 6.1.0.3
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4
2.7
LOW
CVE-2018-11060
>= 6.1.0.0 and < 6.1.0.3
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malic
8.8
HIGH
CVE-2018-11059
>= 6.1.0.0 and < 6.1.0.3
RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Arche
8.2
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin