Every CVE whose affected-product data names Rsa Archer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2019-3758 — CVSS 9.8 (critical): RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to…
CVE-2022-30584 — CVSS 9.6 (critical): Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could…
CVE-2020-5331 — CVSS 8.8 (high): RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could…
CVE-2018-11060 — CVSS 8.8 (high): RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious…
CVE-2018-11059 — CVSS 8.2 (high): RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user…
CVE-2020-5334 — CVSS 8.2 (high): RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote…
CVE-2022-37317 — CVSS 7.6 (high): Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this…
CVE-2020-5332 — CVSS 7.2 (high): RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with…
CVE-2022-37318 — CVSS 7.0 (high): Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user…
CVE-2021-38362 — CVSS 6.5 (medium): In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to…
CVE-2022-37316 — CVSS 6.5 (medium): Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could…
CVE-2022-30585 — CVSS 6.5 (medium): The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious…
CVE-2022-26951 — CVSS 6.5 (medium): Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could…
CVE-2019-3756 — CVSS 6.5 (medium): RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend…
CVE-2021-41594 — CVSS 6.5 (medium): In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API…
CVE-2022-26947 — CVSS 6.3 (medium): Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially…
CVE-2020-26884 — CVSS 6.1 (medium): RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit…
CVE-2022-26948 — CVSS 5.8 (medium): The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A…
CVE-2021-29252 — CVSS 5.4 (medium): RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to…
CVE-2022-26950 — CVSS 5.4 (medium): Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect…
CVE-2022-26949 — CVSS 5.3 (medium): Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious…
CVE-2020-29535 — CVSS 5.3 (medium): Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit…
CVE-2021-29253 — CVSS 5.1 (medium): The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage…
CVE-2020-5335 — CVSS 5.0 (medium): RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could…
CVE-2020-29538 — CVSS 4.9 (medium): Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative…
CVE-2020-5337 — CVSS 4.6 (medium): RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could…
CVE-2020-5336 — CVSS 4.6 (medium): RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially…
CVE-2020-29537 — CVSS 4.6 (medium): Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect…
CVE-2020-29536 — CVSS 4.3 (medium): Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to…
CVE-2020-5333 — CVSS 4.3 (medium): RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated…
CVE-2018-11065 — CVSS 2.7 (low): The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1…