Filtered by vendor Rsa
Subscribe
Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1471 | 1 Rsa | 1 Securid Web Agent | 2024-11-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. | |||||
| CVE-2005-1118 | 1 Rsa | 1 Authentication Agent For Web | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. | |||||
| CVE-2003-0389 | 1 Rsa | 1 Ace Agent | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script. | |||||
| CVE-2002-0507 | 2 Microsoft, Rsa | 2 Exchange Server, Securid | 2024-11-20 | 2.1 LOW | N/A |
| An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | |||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2024-11-20 | 7.5 HIGH | N/A |
| WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | |||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2024-11-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | |||||
| CVE-2000-0522 | 1 Rsa | 1 Ace Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash. | |||||
| CVE-1999-0834 | 1 Rsa | 1 Rsaref | 2024-11-20 | 10.0 HIGH | N/A |
| Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. | |||||
| CVE-2022-37316 | 1 Rsa | 1 Archer | 2024-02-04 | N/A | 6.5 MEDIUM |
| Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release. | |||||
| CVE-2022-37317 | 1 Rsa | 1 Archer | 2024-02-04 | N/A | 5.4 MEDIUM |
| Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | |||||
| CVE-2022-30585 | 1 Rsa | 1 Archer | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | |||||
| CVE-2022-26950 | 1 Rsa | 1 Archer | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. | |||||
| CVE-2022-26947 | 1 Rsa | 1 Archer | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2021-41594 | 1 Rsa | 1 Archer | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. | |||||
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | |||||
| CVE-2021-38362 | 1 Rsa | 1 Archer | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | |||||
| CVE-2021-33615 | 1 Rsa | 1 Archer | 2024-02-04 | 8.5 HIGH | 7.5 HIGH |
| RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | |||||
| CVE-2021-33616 | 1 Rsa | 1 Archer | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. | |||||
| CVE-2022-26951 | 1 Rsa | 1 Archer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2022-30584 | 1 Rsa | 1 Archer | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | |||||