Vulnerabilities > EMC > RSA Archer Egrc

DATE CVE VULNERABILITY TITLE RISK
2017-07-07 CVE-2017-5002 Open Redirect vulnerability in EMC RSA Archer Egrc
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability.
network
emc CWE-601
5.8
5.8
2017-07-07 CVE-2017-5001 Information Exposure vulnerability in EMC RSA Archer Egrc
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability.
network
low complexity
emc CWE-200
4.0
4.0
2017-07-07 CVE-2017-5000 Information Exposure vulnerability in EMC RSA Archer Egrc
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability.
network
low complexity
emc CWE-200
4.0
4.0
2017-07-07 CVE-2017-4999 Information Exposure vulnerability in EMC RSA Archer Egrc
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages.
network
low complexity
emc CWE-200
4.0
4.0
2017-07-07 CVE-2017-4998 Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability.
network
emc CWE-352
6.8
6.8
2016-07-04 CVE-2016-0899 Information Exposure vulnerability in EMC RSA Archer Egrc
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
network
emc CWE-200
3.5
3.5
2015-08-20 CVE-2015-0542 Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.5
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
network
emc CWE-352
6.8
6.8
2014-12-12 CVE-2014-4633 Cross-Site Scripting vulnerability in EMC RSA Archer Egrc
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
4.3
2014-08-20 CVE-2014-2517 Privilege Escalation vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
network
low complexity
emc
6.5
6.5
2014-08-20 CVE-2014-2505 Remote Code Execution vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
emc
5.4
5.4