Product
rsa archer
88 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-37318
>= 6.9.2.2 and < 6.10.0.4
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Arc
7.0
HIGH
CVE-2022-37317
>= 6.0 and < 6.10.0.4
Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exp
7.6
HIGH
CVE-2022-37316
>= 6.8 and < 6.10.0.3.1
Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system tha
6.5
MEDIUM
CVE-2021-33615
>= 6.0.0 and < 6.9.3.4
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.
7.5
HIGH
CVE-2022-30585
>= 6.3 and < 6.9.3.4
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated
6.5
MEDIUM
CVE-2022-30584
>= 6.3 and < 6.9.3.4
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that co
9.6
CRITICAL
CVE-2021-33616
>= 6.1.0.0 and <= 6.9.1.4
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
5.4
MEDIUM
CVE-2021-38362
>= 6.1.0.0 and < 6.9.3.0.1
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulne
6.5
MEDIUM
CVE-2022-26951
>= 6.1.0.0 and < 6.10.0.1
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user cou
6.5
MEDIUM
CVE-2022-26950
>= 6.1.0.0 and < 6.9.0.3
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially
5.4
MEDIUM
CVE-2022-26949
>= 6.1.0.0 and < 6.9.2.2
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated m
5.3
MEDIUM
CVE-2022-26948
>= 6.1.0.0 and < 6.9.1.1
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerabili
5.8
MEDIUM
CVE-2022-26947
>= 6.1.0.0 and < 6.9.3.1
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could po
6.3
MEDIUM
CVE-2021-41594
>= 6.1.0.0 and < 6.9.3.3
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting t
6.5
MEDIUM
CVE-2021-29253
>= 6.4 and < 6.6.0.8
The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vuln
5.1
MEDIUM
CVE-2021-29252
>= 6.6 and < 6.6.0.8
RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with acce
5.4
MEDIUM
CVE-2020-29538
>= 6.6 and < 6.6.0.8
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious admin
4.9
MEDIUM
CVE-2020-29537
>= 6.6 and < 6.6.0.8
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirec
4.6
MEDIUM
CVE-2020-29536
>= 6.6 and < 6.6.0.8
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access
4.3
MEDIUM
CVE-2020-29535
>= 6.6 and < 6.6.0.8
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially
5.3
MEDIUM
CVE-2020-26884
>= 6.8 and <= 6.8.0.3
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentiall
6.1
MEDIUM
CVE-2020-5337
< 6.7.0.1
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could p
4.6
MEDIUM
CVE-2020-5336
< 6.7.0.1
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potential
4.6
MEDIUM
CVE-2020-5335
< 6.7.0.2
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attac
5.0
MEDIUM
CVE-2020-5334
< 6.7.0.2
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A
8.2
HIGH
CVE-2020-5333
< 6.7.0.3
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authentica
4.3
MEDIUM
CVE-2020-5332
< 6.7.0.3
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with ad
7.2
HIGH
CVE-2020-5331
< 6.7.0.3
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could
8.8
HIGH
CVE-2019-18574
< 8.4
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security C
4.8
MEDIUM
CVE-2019-3758
< 6.6.0.2
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmi
9.8
CRITICAL
CVE-2019-3756
< 6.6.0.3
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backe
6.5
MEDIUM
CVE-2019-3716
< 6.5.2.0
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get log
7.8
HIGH
CVE-2019-3715
< 6.5
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plai
7.8
HIGH
CVE-2019-3711
< 8.4
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operation
5.8
MEDIUM
CVE-2018-15782
< 8.4
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerabi
7.7
HIGH
CVE-2018-15780
< 6.5.0.1
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially e
4.3
MEDIUM
CVE-2018-11075
<= 8.3
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console p
5.8
MEDIUM
CVE-2018-11074
<= 8.3
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in
6.1
MEDIUM
CVE-2018-11073
<= 8.3
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console.
6.5
MEDIUM
CVE-2018-11065
>= 6.1.0.0 and < 6.1.0.3
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4
2.7
LOW
CVE-2018-11060
>= 6.1.0.0 and < 6.1.0.3
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malic
8.8
HIGH
CVE-2018-11059
>= 6.1.0.0 and < 6.1.0.3
RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Arche
8.2
HIGH
CVE-2018-11049
all versions
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerab
7.3
HIGH
CVE-2018-1252
< 6.4
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applica
8.8
HIGH
CVE-2018-1248
<= 8.3
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a
6.1
MEDIUM
CVE-2018-1247
<= 8.3
RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This cou
7.1
HIGH
CVE-2018-1234
<= 8.0.1
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permis
5.5
MEDIUM
CVE-2018-1233
<= 8.0.1
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripti
6.1
MEDIUM
CVE-2018-1232
<= 8.0.1
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer
7.5
HIGH
CVE-2018-1182
all versions
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance a
7.8
HIGH
CVE-2017-14377
all versions
EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server versio
9.8
CRITICAL
CVE-2017-14372
<= 6.2.0.4
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help
6.1
MEDIUM
CVE-2017-14371
<= 6.2.0.4
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potent
6.1
MEDIUM
CVE-2017-14370
<= 6.2.0.4
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticate
5.4
MEDIUM
CVE-2017-14369
<= 6.2.0.4
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may
4.3
MEDIUM
CVE-2017-8005
all versions
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and
5.4
MEDIUM
CVE-2017-8004
all versions
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and
7.2
HIGH
CVE-2017-5004
all versions
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (
5.4
MEDIUM
CVE-2017-5003
all versions
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (
6.1
MEDIUM
CVE-2016-0919
all versions
EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross
6.1
MEDIUM
CVE-2015-4548
<= 5.1
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account
CVE-2015-4547
<= 5.1
EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authen
CVE-2015-0541
<= 5.0
Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the a
CVE-2014-4627
>= 4.0 and < 4.6.1.1
SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitr
8.8
HIGH
CVE-2013-3273
all versions
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext adminis
CVE-2013-0947
all versions
EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in pro
CVE-2012-2280
all versions
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which a
CVE-2012-2279
all versions
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance
CVE-2012-2278
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentica
CVE-2012-0403
all versions
Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecif
CVE-2012-0402
all versions
EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obta
CVE-2012-0401
all versions
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbi
CVE-2012-0400
all versions
EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it ea
CVE-2012-0399
all versions
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject ar
CVE-2011-4143
all versions
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment var
CVE-2011-4141
all versions
Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a
CVE-2011-2737
<= 4.0
RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "a
CVE-2011-2736
all versions
RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remo
CVE-2010-3261
<= 7.0
Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified da
CVE-2010-2634
<= 3.7.0
RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors.
CVE-2008-6886
all versions
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which all
CVE-2007-4900
all versions
Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbi
CVE-2005-4734
all versions
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS a
CVE-2005-3329
<= 5.3
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arb
CVE-2005-1118
all versions
Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers
CVE-2002-0507
all versions
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication
CVE-2001-1462
all versions
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebI
CVE-2001-1461
all versions
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 20
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin