EMC Identifier: ESA-2014-163
CVE Identifier: See below for individual identifiers
Severity Rating: View details below for individual CVSSv2 scores
Affected Products:
RSA Archer GRC Platform version 5.x
Summary:
RSA Archer GRC 5.5.1.1 Platform contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Details:
The vulnerabilities addressed in RSA Archer GRC Platform 5.x are:
1. Persistent Cross-Site Scripting (CVE-2014-4633)
A persistent cross-site scripting vulnerability could potentially be exploited to execute arbitrary HTML and script code in an RSA Archer users browser session in context of an affected RSA Archer application.
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
2. Multiple Vulnerabilities in Oracle JRE 7
RSA Archer GRC embeds Oracle JRE 7 which has known vulnerabilities. See vendor advisory for CVE identifiers and CVSSv2 scores:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
The Oracle Java SE patches are cumulative; patches included in the Critical Patch Update will include all fixes from the previous Critical Patch Updates.
Recommendation:
RSA strongly recommends all customers upgrade to RSA Archer GRC Platform 5.5.1.1 at their earliest opportunity.
Severity Rating:
For an explanation of Severity Ratings, refer to the Archer Vulnerability Disclosure Policy. Archer recommends all customers consider both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Comments
0 comments
Article is closed for comments.