EMC Identifier: ESA-2015-142
CVE Identifier: CVE-2015-4541, CVE-2015-4542, CVE-2015-4543
Severity Rating: CVSS v2 Base Score: View details below for individual CVSS v2 scores
Affected Products:
RSA Archer version 5.x
Summary:
RSA Archer GRC 5.5.3 platform is designed to contain fixes for multiple vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Details:
The vulnerabilities addressed in RSA Archer GRC Platform 5.5.3 are:
-
CVE-2015-4541: Multiple stored cross-site scripting vulnerabilities
RSA Archer GRC Platform 5.5.3 could potentially be affected by multiple stored cross-site scripting vulnerabilities. Attackers could potentially exploit these vulnerabilities to execute arbitrary HTML or Javascript code in a RSA Archer userÕs browser session in the context of an affected RSA Archer application.
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
-
CVE-2015-4542: Improper authorization vulnerability
An unauthorized RSA Archer user can potentially read and modify messages on the Discussion Forum Fields due to improper authorizations checks.CVSSv2 Base Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
-
CVE-2015-4543: Sensitive information exposure vulnerability
In certain circumstances, RSA -Archer user password could potentially be stored in clear text in the database fields. The attacker with read access to the database can obtain this password and access Archer application with privileges of the compromised user.
CVSSv2 Base Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:C/A:N)
Recommendation:
RSA recommends all customers upgrade to RSA Archer GRC 5.5.3 at their earliest opportunity.
Comments
0 comments
Article is closed for comments.