Vulnerabilities > RSA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-1182 | Improper Privilege Management vulnerability in multiple products An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). | 7.2 |
| 2017-11-29 | CVE-2017-14377 | Improper Authentication vulnerability in RSA Authentication Agent for web 8.0/8.0.1 EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. | 7.5 |
| 2017-10-11 | CVE-2017-14372 | Cross-site Scripting vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. | 4.3 |
| 2017-10-11 | CVE-2017-14371 | Cross-site Scripting vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. | 4.3 |
| 2017-10-11 | CVE-2017-14370 | Cross-site Scripting vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. | 3.5 |
| 2017-10-11 | CVE-2017-14369 | Unspecified vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. | 4.0 |
| 2017-07-17 | CVE-2017-8005 | Cross-site Scripting vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. | 3.5 |
| 2017-07-17 | CVE-2017-8004 | Improper Input Validation vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. | 6.5 |
| 2017-06-09 | CVE-2017-5004 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 3.5 |
| 2017-06-09 | CVE-2017-5003 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 4.3 |