EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability

Bugtraq ID:	105128
Class:	Input Validation Error
CVE:	CVE-2018-11065
Remote:	Yes
Local:	No
Published:	Aug 23 2018 12:00AM
Updated:	Aug 23 2018 12:00AM
Credit:	Giulio Comi of Horizon Security
Vulnerable:	EMC RSA Archer GRC 6.4 EMC RSA Archer GRC 6.3 EMC RSA Archer GRC 6.2 EMC RSA Archer GRC 6.1 EMC RSA Archer GRC 6.2.0.8 EMC RSA Archer GRC 6.2.0.5 EMC RSA Archer GRC 6.2.0.2
Not Vulnerable:	EMC RSA Archer GRC 6.4.0.1 EMC RSA Archer GRC 6.3.0.7

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability

EMC RSA Archer GRC is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EMC RSA Archer GRC 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1 are vulnerable.

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability

References:

• DSA-2018-144: RSA Archer SQL Injection Vulnerability within embedded WorkPoint (Seclists.org)
  
• EMC Homepage (EMC)