Vulnerabilities > RSA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2022-47529 | Unspecified vulnerability in RSA Netwitness 11.2.1.1 Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. | 6.7 |
| 2022-05-26 | CVE-2022-30585 | Unspecified vulnerability in RSA Archer The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. | 6.5 |
| 2022-03-30 | CVE-2021-38362 | Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | 4.0 |
| 2022-03-30 | CVE-2021-41594 | Unspecified vulnerability in RSA Archer In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. | 4.0 |
| 2022-03-30 | CVE-2022-26948 | Insufficiently Protected Credentials vulnerability in RSA Archer The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. | 5.0 |
| 2022-03-30 | CVE-2022-26949 | Unspecified vulnerability in RSA Archer Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. | 6.5 |
| 2022-03-30 | CVE-2022-26950 | Open Redirect vulnerability in RSA Archer Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. | 5.8 |
| 2022-03-30 | CVE-2022-26951 | Cross-site Scripting vulnerability in RSA Archer Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. | 4.3 |
| 2021-01-29 | CVE-2020-29538 | Incorrect Authorization vulnerability in RSA Archer Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. | 4.0 |
| 2021-01-29 | CVE-2020-29537 | Open Redirect vulnerability in RSA Archer Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. | 4.9 |