Vulnerabilities > RSA > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-07-24 | CVE-2018-11060 | Unspecified vulnerability in RSA Archer 6.1.0.0/6.4.0.0 | RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. | rsa | network, low complexity, 8.8 |
| 2018-07-11 | CVE-2018-11049 | Uncontrolled Search Path Element vulnerability in multiple products | RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. | emc, rsa, CWE-427 | local, low complexity, 7.3 |
| 2018-06-05 | CVE-2018-1252 | SQL Injection vulnerability in RSA Web Threat Detection | RSA Web Threat Detection versions prior to 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. | rsa, CWE-89 | network, low complexity, 8.8 |
| 2018-05-08 | CVE-2018-1247 | XXE vulnerability in RSA Authentication Manager | RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. | rsa, CWE-611 | local, low complexity, 7.1 |
| 2018-03-30 | CVE-2018-1232 | Out-of-bounds Write vulnerability in RSA Authentication Agent for Web 8.0/8.0.1 | RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. | rsa, CWE-787 | network, low complexity, 7.5 |
| 2018-03-08 | CVE-2018-1182 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). | emc, rsa, CWE-269 | local, low complexity, 7.8 |
| 2017-07-17 | CVE-2017-8004 | Improper Input Validation vulnerability in multiple products | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain malicious code. | emc, rsa, CWE-20 | network, low complexity, 7.2 |
| 2014-11-07 | CVE-2014-4627 | SQL Injection vulnerability in RSA Web Threat Detection | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | rsa, CWE-89 | network, low complexity, 8.8 |