Vulnerabilities > EMC > RSA Archer Egrc > 5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-0899 | Information Exposure vulnerability in EMC RSA Archer Egrc EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. | 3.5 |
| 2015-08-20 | CVE-2015-0542 | Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.5 Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2014-12-12 | CVE-2014-4633 | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-08-20 | CVE-2014-2517 | Privilege Escalation vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | 6.5 |
| 2014-08-20 | CVE-2014-2505 | Remote Code Execution vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. | 5.4 |
| 2014-08-20 | CVE-2014-0641 | Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2014-08-20 | CVE-2014-0640 | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | 4.0 |