First published: Fri Feb 28 2020
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | <6.7.0.2 | |
CVE-2020-5334 is a Document Object Model (DOM) based cross-site scripting vulnerability in RSA Archer versions prior to 6.7 P2 (6.7.0.2).
CVE-2020-5334 has a severity rating of 6.1, which is considered high.
CVE-2020-5334 can be exploited by a remote unauthenticated attacker who tricks a victim application user into supplying malicious HTML or JavaScript code to the DOM environment.
RSA Archer versions prior to 6.7 P2 (6.7.0.2) are affected by CVE-2020-5334.
Yes, users should update their RSA Archer installations to version 6.7 P2 (6.7.0.2) or later to fix CVE-2020-5334.