CVE-2018-11065

2.7LOW

Key Information:

Vendor
Dell
Status
Rsa Archer
Vendor
CVE Published:
24 August 2018

Summary

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.

Affected Version(s)

RSA Archer 6.1.x,6.2.x

RSA Archer 6.3.x < 6.3.0.7

RSA Archer 6.4.x < 6.4.0.1

References

http://www.securitytracker.com/id/1041540
vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2018/Aug/31
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/105128
vdb-entryx_refsource_BID

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.