CVE-2017-14372
Summary
| CVE | CVE-2017-14372 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-11 19:29:00 UTC |
| Updated | 2017-10-27 14:11:00 UTC |
| Description | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rsa | Archer Grc Platform | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities | CONFIRM | seclists.org | Mailing List, Third Party Advisory, VDB Entry |
| RSA Archer eGRC Multiple Bugs Let Remote Users Upload Files and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| RSA Archer GRC CMS Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.