CVE-2021-33615
https://notcve.org/view.php?id=CVE-2021-33615
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. RSA Archer versión 6.8.00500.1003 P5, permite una Carga sin Restricciones de un Archivo con un Tipo Peligroso • https://community.rsa.com/t5/archer-product-advisories/tkb-p/archer-product-advisories https://github.com/fireeye/Vulnerability-Disclosures https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0027/MNDT-2022-0027.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-30584
https://notcve.org/view.php?id=CVE-2022-30584
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. Archer Platform versiones 6.3 anteriores a 6.11 (6.11.0.0) contiene una vulnerabilidad de control de acceso inapropiado dentro de la funcionalidad SSO ADFS que podría ser explotada por usuarios maliciosos para comprometer el sistema afectado. Las versiones 6.10 P3 (6.10.0.3) y 6.9 SP3 P4 (6.9.3.4) también son versiones corregidas • https://www.archerirm.community/t5/releases/tkb-p/releases https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/677341 •
CVE-2022-30585
https://notcve.org/view.php?id=CVE-2022-30585
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. La API REST en Archer Platform versiones 6.x anteriores a 6.11 (6.11.0.0) contiene una vulnerabilidad de Omisión de Autorización. Un usuario malicioso autenticado de forma remota podría explotar esta vulnerabilidad para ver información confidencial. Las versiones 6.10 P3 (6.10.0.3) y 6.9 SP3 P4 (6.9.3.4) también están corregidas • https://www.archerirm.community/t5/releases/tkb-p/releases https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/677341 •
CVE-2021-33616
https://notcve.org/view.php?id=CVE-2021-33616
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. RSA Archer versiones 6.x hasta 6.9 SP1 P4 (6.9.1.4) permite un ataque de tipo XSS almacenado • https://community.rsa.com/t5/archer-product-advisories/tkb-p/archer-product-advisories https://github.com/fireeye/Vulnerability-Disclosures https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0020/MNDT-2022-0020.md https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-38362
https://notcve.org/view.php?id=CVE-2021-38362
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. En RSA Archer versiones 6.x hasta 6.9 SP3 (6.9.3.0), un atacante autenticado puede hacer una petición GET a un endpoint de la API REST que es vulnerable a un problema de Referencia Directa a Objetos Insegura (IDOR) y recuperar datos confidenciales • https://github.com/fireeye/Vulnerability-Disclosures https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0021/MNDT-2022-0021.md https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 • CWE-639: Authorization Bypass Through User-Controlled Key •