

EMC Identifier: ESA-2013-057

CVE Identifier: CVE-2013-3276, CVE-2013-3277 

Severity Rating: CVSS v2 Base Score: See below for individual scores

 

Affected Products:

RSA Archer version 5.x

 

Unaffected Products:

 

Summary: 

The RSA Archer GRC 5.4 platform contains fixes for security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

 

Details: 

The vulnerabilities addressed in RSA Archer GRC 5.4 are:

  1. Improper restriction of user login (CVE-2013-3276)
    A flaw in the platform does not prevent users who should have been deactivated from logging in.
    CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
  2. Open redirect vulnerability (CVE-2013-3277)
    This vulnerability may allow malicious phishing attacks by redirecting users to arbitrary web sites. 
    CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Recommendation:

 

RSA strongly recommends all customers upgrade to RSA Archer GRC 5.4 at their earliest opportunity.

 

Last update: 2024-02-02 07:46 PM