Vulnerabilities > RSA > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-28 CVE-2022-47529 Unspecified vulnerability in RSA Netwitness 11.2.1.1
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
local
low complexity
rsa
6.7
2022-08-25 CVE-2022-37316 Unspecified vulnerability in RSA Archer
Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system.
network
low complexity
rsa
6.5
2022-08-25 CVE-2022-37317 Cross-site Scripting vulnerability in RSA Archer
Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability.
network
low complexity
rsa CWE-79
5.4
2022-08-25 CVE-2022-37318 Cross-site Scripting vulnerability in RSA Archer
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability.
network
low complexity
rsa CWE-79
6.1
2022-05-26 CVE-2022-30585 Unspecified vulnerability in RSA Archer
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability.
network
low complexity
rsa
6.5
2022-04-04 CVE-2021-33616 Cross-site Scripting vulnerability in RSA Archer
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
network
low complexity
rsa CWE-79
5.4
2022-03-30 CVE-2021-38362 Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
network
low complexity
rsa CWE-639
6.5
2022-03-30 CVE-2021-41594 Unspecified vulnerability in RSA Archer
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint.
network
low complexity
rsa
6.5
2022-03-30 CVE-2022-26947 Cross-site Scripting vulnerability in RSA Archer
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability.
network
low complexity
rsa CWE-79
5.4
2022-03-30 CVE-2022-26949 Unspecified vulnerability in RSA Archer
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments.
network
low complexity
rsa
6.5