CVE-2017-14371

Published: Oct 11, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

Affected (1)

Products: Rsa: Archer Grc Platform

1 product

Archer Grc Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rsa Archer Grc Platform	Up to 6.2.0.4

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://seclists.org/fulldisclosure/2017/Oct/12

Source: security_alert@emc.com

Mailing ListThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/101195

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039518

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Oct/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/101195

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039518

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.