Vulnerabilities > EMC > RSA Archer Egrc > 5.4

DATE CVE VULNERABILITY TITLE RISK
2014-12-12 CVE-2014-4633 Cross-Site Scripting vulnerability in EMC RSA Archer Egrc
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
4.3
2014-08-20 CVE-2014-2517 Privilege Escalation vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
network
low complexity
emc
6.5
6.5
2014-08-20 CVE-2014-2505 Remote Code Execution vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
emc
5.4
5.4
2014-08-20 CVE-2014-0641 Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
network
emc CWE-352
6.8
6.8
2014-08-20 CVE-2014-0640 Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
network
low complexity
emc CWE-264
4.0
4.0
2014-05-25 CVE-2014-0639 Cross-Site Scripting vulnerability in EMC RSA Archer Egrc
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
4.3
2013-12-19 CVE-2013-6178 Cross-Site Scripting vulnerability in EMC RSA Archer Egrc
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
4.3