CVE-2017-14372: XSS
First published: Wed Oct 11 2017(Updated: )
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC RSA Archer | <=6.2.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14372?
CVE-2017-14372 is classified as a high-severity vulnerability due to its potential for reflected cross-site scripting attacks.
How do I fix CVE-2017-14372?
To fix CVE-2017-14372, upgrade RSA Archer GRC Platform to version 6.2.0.5 or later.
What types of attacks can CVE-2017-14372 enable?
CVE-2017-14372 can enable attackers to execute arbitrary HTML and JavaScript in the context of the user's browser.
Which versions of RSA Archer GRC Platform are affected by CVE-2017-14372?
CVE-2017-14372 affects RSA Archer GRC Platform versions prior to 6.2.0.5.
Where is CVE-2017-14372 located within the application?
CVE-2017-14372 exists in certain RSA Archer Help pages, which are vulnerable to reflected cross-site scripting.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rsa
- canonical/emc rsa archer
- version/emc rsa archer/6.2.0.4