CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4542
https://notcve.org/view.php?id=CVE-2015-4542
EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. Vulnerabilidad en EMC RSA Archer GRC 5.x en versiones anteriores a 5.5.3, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y leer o modificar los mensajes Discussion Forum Fields, a través de vectores no especificados. • http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html http://seclists.org/bugtraq/2015/Sep/105 http://www.securitytracker.com/id/1033649 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4543
https://notcve.org/view.php?id=CVE-2015-4543
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. Vulnerabilidad en EMC RSA Archer GRC 5.x en versiones anteriores a 5.5.3, utiliza texto plano para almacenar contraseñas en circunstancias no especificadas, lo que permite a usuarios remotos autenticados obtener información sensible mediante la lectura de campos de la base de datos. • http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html http://seclists.org/bugtraq/2015/Sep/105 http://www.securitytracker.com/id/1033649 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0542
https://notcve.org/view.php?id=CVE-2015-0542
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. Vulnerabilidades de CSRF múltiples en EMC RSA Archer GRC 5.5 SP1 en versiones anteriores a P3, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://seclists.org/bugtraq/2015/Aug/85 http://www.securityfocus.com/bid/76404 http://www.securitytracker.com/id/1033300 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-4633
https://notcve.org/view.php?id=CVE-2014-4633
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en EMC RSA Archer GRC Platform 5.x anterior a 5.5.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0641
https://notcve.org/view.php?id=CVE-2014-0641
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en EMC RSA Archer GRC Platform 5.x anterior a 5.5 SP1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html http://www.securityfocus.com/bid/69289 http://www.securitytracker.com/id/1030738 https://exchange.xforce.ibmcloud.com/vulnerabilities/95361 • CWE-352: Cross-Site Request Forgery (CSRF) •