EMC Identifier: ESA-2013-057
CVE Identifier: CVE-2013-3276, CVE-2013-3277
Severity Rating: CVSS v2 Base Score: See below for individual scores
Affected Products:
RSA Archer version 5.x
Unaffected Products:
Summary:
RSA Archer GRC 5.4 platform contains fixes for security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Details:
The vulnerabilities addressed in RSA Archer GRC 5.4 are:
- Improper restriction of user login (CVE-2013-3276)A flaw in platform does not prevent users from login who should have been deactivated. CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
- Open redirect vulnerability (CVE-2013-3277)This vulnerability may allow malicious phishing attacks by redirecting users to arbitrary web sites. CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Recommendation:
RSA strongly recommends all customers upgrade to RSA Archer GRC 5.4 at their earliest opportunity.
Comments
0 comments
Article is closed for comments.