CVE-2017-14370
Summary
| CVE | CVE-2017-14370 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-11 19:29:00 UTC |
| Updated | 2017-10-27 14:10:00 UTC |
| Description | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | RSA | Archer GRC Platform | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities | CONFIRM | seclists.org | Mailing List, Third Party Advisory, VDB Entry |
| RSA Archer eGRC Multiple Bugs Let Remote Users Upload Files and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.