CVSS: 3.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

• http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html
• http://seclists.org/bugtraq/2015/Sep/105
• http://www.securitytracker.com/id/1033649
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors.

• http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html
• http://seclists.org/bugtraq/2015/Sep/105
• http://www.securitytracker.com/id/1033649
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields.

• http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html
• http://seclists.org/bugtraq/2015/Sep/105
• http://www.securitytracker.com/id/1033649
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor