First published: Fri Aug 24 2018(Updated: )
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.1.0.0<6.1.0.3 | |
RSA Archer | >=6.2.0.0<6.2.0.10 | |
RSA Archer | >=6.3.0.0<6.3.0.7 | |
RSA Archer | >=6.4.0.0<6.4.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-11065 is a SQL injection vulnerability in the WorkPoint component of RSA Archer versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7, and 6.4.x prior to 6.4.0.1.
CVE-2018-11065 has a severity level of 4.3, which is considered medium.
CVE-2018-11065 affects all RSA Archer versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7, and 6.4.x prior to 6.4.0.1 as it allows a malicious user to execute SQL commands on the back-end database.
The impact of CVE-2018-11065 is that a malicious user can read certain data from the back-end database by exploiting the SQL injection vulnerability.
To fix CVE-2018-11065, you should upgrade to RSA Archer version 6.3.0.7 or 6.4.0.1, depending on the currently installed version.