Vulnerabilities > RSA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-13 | CVE-2019-3711 | RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. | 4.0 |
| 2019-01-03 | CVE-2018-15780 | Unspecified vulnerability in RSA Archer GRC Platform RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. | 4.0 |
| 2018-09-28 | CVE-2018-11074 | Cross-site Scripting vulnerability in multiple products RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. | 4.3 |
| 2018-08-24 | CVE-2018-11065 | SQL Injection vulnerability in RSA Archer The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. | 4.0 |
| 2018-07-24 | CVE-2018-11060 | Unspecified vulnerability in RSA Archer 6.4.0.0 RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. | 6.5 |
| 2018-07-11 | CVE-2018-11049 | Uncontrolled Search Path Element vulnerability in multiple products RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. | 6.9 |
| 2018-06-05 | CVE-2018-1252 | SQL Injection vulnerability in RSA web Threat Detection RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. | 6.5 |
| 2018-05-08 | CVE-2018-1248 | Open Redirect vulnerability in RSA Authentication Manager RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. | 5.8 |
| 2018-05-08 | CVE-2018-1247 | XXE vulnerability in RSA Authentication Manager RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. | 5.8 |
| 2018-03-30 | CVE-2018-1233 | Cross-site Scripting vulnerability in RSA Authentication Agent FOR web RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. | 4.3 |