GCVE - cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Rsa (`6c9430aa-ac8c-5ac3-900a-ccfffd5a25d5`)
Product	Archer Grc Platform (`94569e5a-e2f6-51fe-aa62-a390cba30f3b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-3716`	vulnerable	2026-06-03 14:40:26.835663	Information Exposure Vulnerability HIGH (7.8) RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. Published: 2019-03-13T22:00:00.000Z Updated: 2024-09-16T22:39:54.202Z Open on db.gcve.eu Reference links https://seclists.org/fulldisclosure/2019/Mar/19 http://www.securityfocus.com/bid/107406	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3715`	vulnerable	2026-06-03 14:40:26.834643	Information Exposure Vulnerability HIGH (7.8) RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. Published: 2019-03-13T22:00:00.000Z Updated: 2024-09-16T18:43:54.780Z Open on db.gcve.eu Reference links https://seclists.org/fulldisclosure/2019/Mar/19 http://www.securityfocus.com/bid/107443	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15780`	vulnerable	2026-06-03 14:38:19.436434	DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability MEDIUM (4.3) RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information. Published: 2019-01-03T21:00:00.000Z Updated: 2024-09-17T03:37:26.681Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/106396 https://seclists.org/fulldisclosure/2019/Jan/3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14372`	vulnerable	2026-06-03 14:36:39.058895	Details available RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. Published: 2017-10-11T19:00:00.000Z Updated: 2024-08-05T19:27:40.377Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101195 http://www.securitytracker.com/id/1039518 http://seclists.org/fulldisclosure/2017/Oct/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14371`	vulnerable	2026-06-03 14:36:39.058560	Details available RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. Published: 2017-10-11T19:00:00.000Z Updated: 2024-08-05T19:27:40.481Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101195 http://www.securitytracker.com/id/1039518 http://seclists.org/fulldisclosure/2017/Oct/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14370`	vulnerable	2026-06-03 14:36:39.058157	Details available RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. Published: 2017-10-11T19:00:00.000Z Updated: 2024-08-05T19:27:40.333Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1039518 http://seclists.org/fulldisclosure/2017/Oct/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14369`	vulnerable	2026-06-03 14:36:39.056632	Details available RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records. Published: 2017-10-11T19:00:00.000Z Updated: 2024-08-05T19:27:40.164Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101195 http://www.securitytracker.com/id/1039518 http://seclists.org/fulldisclosure/2017/Oct/12	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.