Vulnerabilities > RSA > Archer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-25 | CVE-2022-37316 | Unspecified vulnerability in RSA Archer Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. | 6.5 |
| 2022-08-25 | CVE-2022-37317 | Cross-site Scripting vulnerability in RSA Archer Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. | 5.4 |
| 2022-08-25 | CVE-2022-37318 | Cross-site Scripting vulnerability in RSA Archer Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. | 6.1 |
| 2022-06-02 | CVE-2021-33615 | Unrestricted Upload of File with Dangerous Type vulnerability in RSA Archer RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | 7.5 |
| 2022-05-26 | CVE-2022-30584 | Unspecified vulnerability in RSA Archer Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. | 8.8 |
| 2022-05-26 | CVE-2022-30585 | Unspecified vulnerability in RSA Archer The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. | 6.5 |
| 2022-04-04 | CVE-2021-33616 | Cross-site Scripting vulnerability in RSA Archer RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. | 5.4 |
| 2022-03-30 | CVE-2021-38362 | Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | 6.5 |
| 2022-03-30 | CVE-2021-41594 | Unspecified vulnerability in RSA Archer In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. | 6.5 |
| 2022-03-30 | CVE-2022-26947 | Cross-site Scripting vulnerability in RSA Archer Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. | 5.4 |