CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14370

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://seclists.org/fulldisclosure/2017/Oct/12
http://www.securitytracker.com/id/1039518
http://seclists.org/fulldisclosure/2017/Oct/12
http://www.securitytracker.com/id/1039518

Products affected by CVE-2017-14370

Rsa » Archer Grc Platform » Version: 5.5

cpe:2.3:a:rsa:archer_grc_platform:5.5
Rsa » Archer Grc Platform » Version: 6.0

cpe:2.3:a:rsa:archer_grc_platform:6.0
Rsa » Archer Grc Platform » Version: 6.1

cpe:2.3:a:rsa:archer_grc_platform:6.1
Rsa » Archer Grc Platform » Version: 6.2

cpe:2.3:a:rsa:archer_grc_platform:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14370

Products

Pricing

Contact Us