Vulnerability Details : CVE-2014-2505
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-2505
Probability of exploitation activity in the next 30 days: 0.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2505
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.4
|
MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |
5.5
|
6.4
|
NIST |
References for CVE-2014-2505
- http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html
-
http://www.securitytracker.com/id/1030738
RSA Archer eGRC Flaws Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95360
EMC RSA Archer GRC control sphere code execution CVE-2014-2505 Vulnerability Report
-
http://www.securityfocus.com/bid/69290
EMC RSA Archer GRC CVE-2014-2505 Unspecified Remote Code Execution Vulnerability
Products affected by CVE-2014-2505
- cpe:2.3:a:emc:rsa_archer_egrc:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_archer_egrc:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_archer_egrc:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_archer_egrc:5.4:sp1:*:*:*:*:*:*