Vulnerabilities > RSA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-24 | CVE-2018-11065 | SQL Injection vulnerability in RSA Archer The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. | 4.0 |
| 2018-07-24 | CVE-2018-11060 | Unspecified vulnerability in RSA Archer 6.4.0.0 RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. | 6.5 |
| 2018-07-24 | CVE-2018-11059 | Cross-site Scripting vulnerability in RSA Archer 6.4.0.0 RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. | 3.5 |
| 2018-07-11 | CVE-2018-11049 | Uncontrolled Search Path Element vulnerability in multiple products RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. | 6.9 |
| 2018-06-05 | CVE-2018-1252 | SQL Injection vulnerability in RSA web Threat Detection RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. | 6.5 |
| 2018-05-08 | CVE-2018-1248 | Open Redirect vulnerability in RSA Authentication Manager RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. | 5.8 |
| 2018-05-08 | CVE-2018-1247 | XXE vulnerability in RSA Authentication Manager RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. | 5.8 |
| 2018-03-30 | CVE-2018-1234 | Information Exposure vulnerability in RSA Authentication Agent FOR web RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. | 2.1 |
| 2018-03-30 | CVE-2018-1233 | Cross-site Scripting vulnerability in RSA Authentication Agent FOR web RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. | 4.3 |
| 2018-03-30 | CVE-2018-1232 | Out-of-bounds Write vulnerability in RSA Authentication Agent FOR web RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. | 5.0 |