CVE-2018-11065 Information

Description

The WorkPoint component which is embedded in all RSA Archer versions 6.1.x 6.2.x 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1 contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16 which contains a fix for the vulnerability.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://seclists.org/fulldisclosure/2018/Aug/31 http://www.securityfocus.com/bid/105128 http://www.securitytracker.com/id/1041540

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3