CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-33615
https://notcve.org/view.php?id=CVE-2021-33615
02 Jun 2022 — RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. RSA Archer versión 6.8.00500.1003 P5, permite una Carga sin Restricciones de un Archivo con un Tipo Peligroso • https://community.rsa.com/t5/archer-product-advisories/tkb-p/archer-product-advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30584
https://notcve.org/view.php?id=CVE-2022-30584
26 May 2022 — Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. Archer Platform versiones 6.3 anteriores a 6.11 (6.11.0.0) contiene una vulnerabilidad de control de acceso inapropiado dentro de la funcionalidad SSO ADFS que podría ser explotada por usuarios maliciosos para comprometer el siste... • https://www.archerirm.community/t5/releases/tkb-p/releases •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30585
https://notcve.org/view.php?id=CVE-2022-30585
26 May 2022 — The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. La API REST en Archer Platform versiones 6.x anteriores a 6.11 (6.11.0.0) contiene una vulnerabilidad de Omisión de Autorización. Un usuario malicioso autenticado de forma remota podría explotar esta vulnerabilidad para ve... • https://www.archerirm.community/t5/releases/tkb-p/releases •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33616
https://notcve.org/view.php?id=CVE-2021-33616
04 Apr 2022 — RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. RSA Archer versiones 6.x hasta 6.9 SP1 P4 (6.9.1.4) permite un ataque de tipo XSS almacenado • https://community.rsa.com/t5/archer-product-advisories/tkb-p/archer-product-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38362
https://notcve.org/view.php?id=CVE-2021-38362
30 Mar 2022 — In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. En RSA Archer versiones 6.x hasta 6.9 SP3 (6.9.3.0), un atacante autenticado puede hacer una petición GET a un endpoint de la API REST que es vulnerable a un problema de Referencia Directa a Objetos Insegura (IDOR) y recuperar datos confidenciales • https://github.com/fireeye/Vulnerability-Disclosures • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41594
https://notcve.org/view.php?id=CVE-2021-41594
29 Mar 2022 — In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. En RSA Archer versión 6.9.SP1 P3, si algunas funciones de la aplicación son excluidas por el Administrador, esto puede ser evitado al interceptar la petición de la API en el endp... • https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26951
https://notcve.org/view.php?id=CVE-2022-26951
29 Mar 2022 — Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. Archer 6.x hasta 6.10 (6.10.0.0) contiene una vulnerabilidad de tipo XSS re... • https://www.archerirm.community/t5/general-support-information/tkb-p/information-support • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26950
https://notcve.org/view.php?id=CVE-2022-26950
29 Mar 2022 — Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. Archer versiones 6.x hasta 6.9 P2 (6.9.0.2) está afectado por una vulnerabilidad de redireccionamiento abierto. Un atacante remoto no privile... • https://www.archerirm.community/t5/general-support-information/tkb-p/information-support • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26949
https://notcve.org/view.php?id=CVE-2022-26949
29 Mar 2022 — Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. Archer versiones 6.x hasta 6.9 SP2 P1 (6.9.2.1) contiene una vulnerabilidad de control de acceso inapropiado en los archivos adjuntos. Un usuario malicioso autenticado de forma remota podría explotar esta vulnerabilidad para conseguir acceso a archiv... • https://www.archerirm.community/t5/general-support-information/tkb-p/information-support •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26948
https://notcve.org/view.php?id=CVE-2022-26948
29 Mar 2022 — The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. La integración de fuentes RSS de Archer para Archer versiones 6.x hasta 6.9 SP1 (6.9.1.0) está afectada por una vulnerabilidad de almacenamiento de credenciales no segura. Un atacante malicioso puede obtener acceso a la información de las credenciales para usarla en otros ataques • https://www.archerirm.community/t5/general-support-information/tkb-p/information-support • CWE-522: Insufficiently Protected Credentials •