on 2013-12-18 11:03 AM - edited on 2024-02-02 07:51 PM by MegONeil
EMC Identifier: ESA-2013-079
CVE Identifier: CVE-2013-6178
Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Affected Products:
RSA Archer version 5.x
Summary:
RSA Archer GRC 5.4 P2 and 5.4 SP1 platform contains fixes for multiple cross-site scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Details:
RSA Archer GRC 5.4 P2 and 5.4 SP1 platform contains fixes for multiple cross-site scripting vulnerabilities. These vulnerabilities can be exploited to execute arbitrary HTML and script code in an RSA Archer user's browser session in the context of an affected RSA Archer application.
Recommendation:
RSA strongly recommends all customers upgrade to RSA Archer GRC 5.4 P2 or 5.4 SP1 at their earliest opportunity.
Severity Rating:
For an explanation of Severity Ratings, refer to the Archer Vulnerability Disclosure Policy. Archer recommends all customers consider both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.