Vulnerabilities > EMC > RSA Archer Egrc > 5.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-04 | CVE-2016-0899 | Information Exposure vulnerability in EMC RSA Archer Egrc EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. | 3.5 |
2014-12-12 | CVE-2014-4633 | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |