{"api_version":"1","generated_at":"2026-04-23T00:38:21+00:00","cve":"CVE-2017-14372","urls":{"html":"https://cve.report/CVE-2017-14372","api":"https://cve.report/api/cve/CVE-2017-14372.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14372","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14372"},"summary":{"title":"CVE-2017-14372","description":"RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2017-10-11 19:29:00","updated_at":"2017-10-27 14:11:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Oct/12","name":"http://seclists.org/fulldisclosure/2017/Oct/12","refsource":"CONFIRM","tags":["Mailing List","Third Party Advisory","VDB Entry"],"title":"Full Disclosure: ESA-2017-111: RSA ArcherĀ® GRC Platform Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039518","name":"1039518","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"RSA Archer eGRC Multiple Bugs Let Remote Users Upload Files and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/101195","name":"101195","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"RSA Archer GRC CMS Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14372","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14372","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14372","vulnerable":"1","versionEndIncluding":"6.2.0.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rsa","cpe5":"archer_grc_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2017-14372","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"RSA Archer GRC Platform prior to 6.2.0.5","version":{"version_data":[{"version_value":"RSA Archer GRC Platform prior to 6.2.0.5"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Reflected Cross Site Scripting"}]}]},"references":{"reference_data":[{"name":"101195","refsource":"BID","url":"http://www.securityfocus.com/bid/101195"},{"name":"1039518","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039518"},{"name":"http://seclists.org/fulldisclosure/2017/Oct/12","refsource":"CONFIRM","url":"http://seclists.org/fulldisclosure/2017/Oct/12"}]}},"nvd":{"publishedDate":"2017-10-11 19:29:00","lastModifiedDate":"2017-10-27 14:11:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2.0.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14372","Ordinal":"111806","Title":"CVE-2017-14372","CVE":"CVE-2017-14372","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14372","Ordinal":"1","NoteData":"RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"14372","Ordinal":"2","NoteData":"2017-10-11","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14372","Ordinal":"3","NoteData":"2017-10-12","Type":"Other","Title":"Modified"}]}}}