CVE-2012-2292
First published: Wed Feb 06 2013(Updated: )
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC RSA Archer | =4.3 | |
| EMC RSA Archer | =4.5 | |
| EMC RSA Archer | =5.0 | |
| EMC RSA Archer | =5.1 | |
| EMC RSA Archer | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-2292?
CVE-2012-2292 is classified as a medium-severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2012-2292?
To fix CVE-2012-2292, upgrade to RSA Archer SmartSuite Framework 4.5 or later, or RSA Archer GRC 5.2SP1 or later.
What are the potential impacts of CVE-2012-2292?
The potential impacts of CVE-2012-2292 include unauthorized access to sensitive application data and bypassing of security policies.
Which software versions are affected by CVE-2012-2292?
CVE-2012-2292 affects EMC RSA Archer SmartSuite 4.x and RSA Archer GRC 5.x versions prior to 5.2SP1.
Who can exploit CVE-2012-2292?
CVE-2012-2292 can be exploited by remote attackers who can send requests that bypass the Same Origin Policy.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/emc rsa archer
- version/emc rsa archer/4.3
- version/emc rsa archer/4.5
- version/emc rsa archer/5.0
- version/emc rsa archer/5.1
- version/emc rsa archer/5.2