CVE-2017-14372

EPSS 0.34%
Published 11.10.2017 19:29:00
Last modified 20.04.2025 01:37:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Rsa ≫ Archer Grc Platform Version <= 6.2.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.533

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://seclists.org/fulldisclosure/2017/Oct/12

Third Party Advisory

VDB Entry

Mailing List

http://www.securityfocus.com/bid/101195

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039518

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-14372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14372

EUVD