CVE-2018-11059

Опубликовано: 24 июл. 2018

Источник: nvd

CVSS3: 8.2

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

Ссылки

http://seclists.org/fulldisclosure/2018/Jul/69
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/104892
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041359
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Jul/69
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/104892
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041359
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

Версия от 6.1.0.0 (включая) до 6.1.0.3 (исключая)

cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

Версия от 6.2.0.0 (включая) до 6.2.0.10 (исключая)

cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

Версия от 6.3.0.0 (включая) до 6.3.0.7 (исключая)

cpe:2.3:a:rsa:archer:6.4.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00323

Низкий

8.2 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w92w-87vr-h7fh

CVSS3: 5.4

github

больше 3 лет назад

EPSS

Процентиль: 55%

0.00323

Низкий

8.2 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79