Vulnerabilities > RSA

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2021-33615 Unrestricted Upload of File with Dangerous Type vulnerability in RSA Archer
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.
network
rsa CWE-434
8.5
2022-05-26 CVE-2022-30584 Incorrect Authorization vulnerability in RSA Archer 6.10.0.0/6.10.0.1
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
rsa CWE-863
critical
9.0
2022-05-26 CVE-2022-30585 Incorrect Authorization vulnerability in RSA Archer 6.10.0.0/6.10.0.1
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability.
network
low complexity
rsa CWE-863
4.0
2022-04-04 CVE-2021-33616 Cross-site Scripting vulnerability in RSA Archer
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
network
rsa CWE-79
3.5
2022-03-30 CVE-2021-38362 Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
network
low complexity
rsa CWE-639
4.0
2022-03-30 CVE-2021-41594 Unspecified vulnerability in RSA Archer
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint.
network
low complexity
rsa
4.0
2022-03-30 CVE-2022-26947 Cross-site Scripting vulnerability in RSA Archer
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability.
network
rsa CWE-79
3.5
2022-03-30 CVE-2022-26948 Insufficiently Protected Credentials vulnerability in RSA Archer
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability.
network
low complexity
rsa CWE-522
5.0
2022-03-30 CVE-2022-26949 Incorrect Authorization vulnerability in RSA Archer
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments.
network
low complexity
rsa CWE-863
4.0
2022-03-30 CVE-2022-26950 Open Redirect vulnerability in RSA Archer
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability.
network
rsa CWE-601
5.8