
CVE-2017-14371 – RSA Archer GRC 6.2.0.5 XSS / File Upload / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14371
06 Oct 2017 — RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. • http://seclists.org/fulldisclosure/2017/Oct/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14372 – RSA Archer GRC 6.2.0.5 XSS / File Upload / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14372
06 Oct 2017 — RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. • http://seclists.org/fulldisclosure/2017/Oct/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-8004 – RSA Identity Governance and Lifecycle File Upload / XSS
https://notcve.org/view.php?id=CVE-2017-8004
13 Jul 2017 — The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain malicious code. The malicious file could then be executed on the affected system with the pr... • http://seclists.org/fulldisclosure/2017/Jul/24 • CWE-20: Improper Input Validation

CVE-2017-8005 – RSA Identity Governance and Lifecycle File Upload / XSS
https://notcve.org/view.php?id=CVE-2017-8005
13 Jul 2017 — The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. • http://seclists.org/fulldisclosure/2017/Jul/24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-5003 – RSA Products Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-5003
09 Jun 2017 — EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. • http://www.securityfocus.com/archive/1/540693/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-5004 – RSA Products Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-5004
09 Jun 2017 — EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. • http://www.securityfocus.com/archive/1/540693/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-4978 – RSA Adaptive Authentication (On-Premise) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-4978
11 May 2017 — EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. RSA Adaptive Au... • http://www.securityfocus.com/archive/1/540552/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-0919 – RSA Web Threat Detection 5.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-0919
28 Jan 2017 — EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. RSA... • http://www.securityfocus.com/archive/1/540057/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-6851 – RSA SecurID Web Agent Authentication Bypass
https://notcve.org/view.php?id=CVE-2015-6851
21 Dec 2015 — EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. RSA SecurID Web Agent contains a patch that is designed to fix an authentication bypass vul... • http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html • CWE-284: Improper Access Control

CVE-2015-4548 – RSA Web Threat Detection Privilege Escalation / Information Disclosure
https://notcve.org/view.php?id=CVE-2015-4548
30 Sep 2015 — EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file. RSA Web Threat Detection versions prior to 5.1 SP1 suffer from information disclosure and privile... • http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html • CWE-264: Permissions, Privileges, and Access Controls