Vulnerabilities > RSA

DATE CVE VULNERABILITY TITLE RISK
2018-07-24 CVE-2018-11060 Unspecified vulnerability in RSA Archer 6.4.0.0
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API.
network
low complexity
rsa
6.5
2018-07-24 CVE-2018-11059 Cross-site Scripting vulnerability in RSA Archer 6.4.0.0
RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability.
network
rsa CWE-79
3.5
2018-07-11 CVE-2018-11049 Uncontrolled Search Path Element vulnerability in multiple products
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability.
local
rsa emc CWE-427
6.9
2018-06-05 CVE-2018-1252 SQL Injection vulnerability in RSA web Threat Detection
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications.
network
low complexity
rsa CWE-89
6.5
2018-05-08 CVE-2018-1248 Open Redirect vulnerability in RSA Authentication Manager
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability.
network
rsa CWE-601
5.8
2018-05-08 CVE-2018-1247 XXE vulnerability in RSA Authentication Manager
RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability.
network
rsa CWE-611
5.8
2018-03-30 CVE-2018-1234 Information Exposure vulnerability in RSA Authentication Agent FOR web
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users.
local
low complexity
rsa CWE-200
2.1
2018-03-30 CVE-2018-1233 Cross-site Scripting vulnerability in RSA Authentication Agent FOR web
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability.
network
rsa CWE-79
4.3
2018-03-30 CVE-2018-1232 Out-of-bounds Write vulnerability in RSA Authentication Agent FOR web
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats.
network
low complexity
rsa CWE-787
5.0
2018-03-08 CVE-2018-1182 Improper Privilege Management vulnerability in multiple products
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
local
low complexity
emc rsa CWE-269
7.2