Vulnerabilities > RSA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-1232 | Out-of-bounds Write vulnerability in RSA Authentication Agent FOR web RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. | 5.0 |
| 2017-10-11 | CVE-2017-14372 | Cross-site Scripting vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. | 4.3 |
| 2017-10-11 | CVE-2017-14371 | Cross-site Scripting vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. | 4.3 |
| 2017-10-11 | CVE-2017-14369 | Unspecified vulnerability in RSA Archer GRC Platform RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. | 4.0 |
| 2017-07-17 | CVE-2017-8004 | Improper Input Validation vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. | 6.5 |
| 2017-06-09 | CVE-2017-5003 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 4.3 |
| 2017-02-03 | CVE-2016-0919 | Cross-site Scripting vulnerability in RSA web Threat Detection 5.0/5.1/5.1.2 EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 4.3 |
| 2015-10-12 | CVE-2015-4547 | Information Exposure vulnerability in RSA web Threat Detection EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. | 4.0 |
| 2015-06-05 | CVE-2015-0541 | Cross-Site Request Forgery (CSRF) vulnerability in RSA web Threat Detection Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2014-11-07 | CVE-2014-4627 | SQL Injection vulnerability in RSA web Threat Detection SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |