Vulnerabilities > RSA
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-02 | CVE-2021-33615 | Unrestricted Upload of File with Dangerous Type vulnerability in RSA Archer: RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | 8.5 |
2022-05-26 | CVE-2022-30584 | Incorrect Authorization vulnerability in RSA Archer 6.10.0.0/6.10.0.1: Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. | 9.0 |
2022-05-26 | CVE-2022-30585 | Incorrect Authorization vulnerability in RSA Archer 6.10.0.0/6.10.0.1: The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. | 4.0 |
2022-04-04 | CVE-2021-33616 | Cross-site Scripting vulnerability in RSA Archer: RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. | 3.5 |
2022-03-30 | CVE-2021-38362 | Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer: In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | 4.0 |
2022-03-30 | CVE-2021-41594 | Unspecified vulnerability in RSA Archer: In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. | 4.0 |
2022-03-30 | CVE-2022-26947 | Cross-site Scripting vulnerability in RSA Archer: Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. | 3.5 |
2022-03-30 | CVE-2022-26948 | Insufficiently Protected Credentials vulnerability in RSA Archer: The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. | 5.0 |
2022-03-30 | CVE-2022-26949 | Incorrect Authorization vulnerability in RSA Archer: Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. | 4.0 |
2022-03-30 | CVE-2022-26950 | Open Redirect vulnerability in RSA Archer: Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. | 5.8 |