CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25066
https://notcve.org/view.php?id=CVE-2024-25066
17 Feb 2025 — RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur. • https://community.rsa.com/s/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.7EPSS: 3%CPEs: 1EXPL: 6CVE-2022-47529 – RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution
https://notcve.org/view.php?id=CVE-2022-47529
24 Mar 2023 — Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sen... • https://packetstorm.news/files/id/171476 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37316
https://notcve.org/view.php?id=CVE-2022-37316
25 Aug 2022 — Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release. Archer Platform versiones 6.8 anteriores a 6.11 P3 (6.11.0.3) contiene una vulnerabilidad de control de acceso a la API inapropiado en un sistema multi instancia que podría presentar metadatos no autorizados a un usuario autenticado ... • https://archerirm.com •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37318
https://notcve.org/view.php?id=CVE-2022-37318
25 Aug 2022 — Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. Archer Platf... • https://archerirm.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37317
https://notcve.org/view.php?id=CVE-2022-37317
25 Aug 2022 — Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. Archer Platform versiones 6.x anteriores a 6.11 P3 contiene una vulnerabilidad de inyección de HTML. Un atacante remoto autenticado podría explotar potencialmente esta vulnerabilidad... • https://archerirm.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-33615
https://notcve.org/view.php?id=CVE-2021-33615
02 Jun 2022 — RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. RSA Archer versión 6.8.00500.1003 P5, permite una Carga sin Restricciones de un Archivo con un Tipo Peligroso • https://community.rsa.com/t5/archer-product-advisories/tkb-p/archer-product-advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30584
https://notcve.org/view.php?id=CVE-2022-30584
26 May 2022 — Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. Archer Platform versiones 6.3 anteriores a 6.11 (6.11.0.0) contiene una vulnerabilidad de control de acceso inapropiado dentro de la funcionalidad SSO ADFS que podría ser explotada por usuarios maliciosos para comprometer el siste... • https://www.archerirm.community/t5/releases/tkb-p/releases •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30585
https://notcve.org/view.php?id=CVE-2022-30585
26 May 2022 — The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. La API REST en Archer Platform versiones 6.x anteriores a 6.11 (6.11.0.0) contiene una vulnerabilidad de Omisión de Autorización. Un usuario malicioso autenticado de forma remota podría explotar esta vulnerabilidad para ve... • https://www.archerirm.community/t5/releases/tkb-p/releases •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33616
https://notcve.org/view.php?id=CVE-2021-33616
04 Apr 2022 — RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. RSA Archer versiones 6.x hasta 6.9 SP1 P4 (6.9.1.4) permite un ataque de tipo XSS almacenado • https://community.rsa.com/t5/archer-product-advisories/tkb-p/archer-product-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38362
https://notcve.org/view.php?id=CVE-2021-38362
30 Mar 2022 — In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. En RSA Archer versiones 6.x hasta 6.9 SP3 (6.9.3.0), un atacante autenticado puede hacer una petición GET a un endpoint de la API REST que es vulnerable a un problema de Referencia Directa a Objetos Insegura (IDOR) y recuperar datos confidenciales • https://github.com/fireeye/Vulnerability-Disclosures • CWE-639: Authorization Bypass Through User-Controlled Key •