Vulnerabilities > RSA

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-26884 Injection vulnerability in RSA Archer 6.8/6.8.0.3/6.9
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability.
network
rsa CWE-74
4.3
2020-07-31 CVE-2020-5384 Improper Authentication vulnerability in RSA Multifactor Authentication Agent 2.0
Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability.
local
low complexity
rsa CWE-287
7.2
2020-05-04 CVE-2020-5337 Open Redirect vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability.
network
rsa CWE-601
5.8
2020-05-04 CVE-2020-5336 Injection vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability.
network
rsa CWE-74
5.8
2020-05-04 CVE-2020-5335 Cross-Site Request Forgery (CSRF) vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability.
network
rsa CWE-352
6.8
2020-05-04 CVE-2020-5334 Cross-Site Scripting vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability.
network
rsa CWE-79
4.3
2020-05-04 CVE-2020-5333 Incorrect Authorization vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API.
network
low complexity
rsa CWE-863
4.0
2020-05-04 CVE-2020-5332 OS Command Injection vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability.
network
low complexity
rsa CWE-78
critical
9.0
2020-05-04 CVE-2020-5331 Information Exposure vulnerability in RSA Archer
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability.
local
low complexity
rsa CWE-200
2.1
2019-12-03 CVE-2019-18574 Cross-Site Scripting vulnerability in multiple products
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console.
network
emc rsa CWE-79
3.5