This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Platform Product Advisories
Read and subscribe to the latest announcements and advisories relating to the NetWitness Platform.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Products
- NetWitness Platform
- Advisories
- Product Advisories
- RSA Archer 6.4 SP1 False Positive Security Vulnerabilities
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
RSA Archer 6.4 SP1 False Positive Security Vulnerabilities
RSA Archer 6.4 SP1 False Positive Security Vulnerabilities
Article Number
000036587
CVE ID
000036587
Applies To
RSA Product Set: Archer
RSA Product/Service Type: Archer
RSA Version/Condition: 6.4 SP1
RSA Product/Service Type: Archer
RSA Version/Condition: 6.4 SP1
Article Summary
CVE ID: The Common Vulnerabilities and Exposures Identifiers (CVE IDs) are listed in the table below.
Issue Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell EMC RSA Archer 6.4 SP1, but which may be flagged by security scanners.
Link to Advisories:
Each CVE ID listed can be searched using the following link: https://web.nvd.nist.gov/view/vuln/search. Once there, you can search for each CVE ID referenced in this article for more details.
Impact Details: The vulnerabilities listed in the table below are in order by the date on which RSA Archer Engineering determined that RSA Archer 6.4 SP1 was not vulnerable.
Issue Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell EMC RSA Archer 6.4 SP1, but which may be flagged by security scanners.
Link to Advisories:
Each CVE ID listed can be searched using the following link: https://web.nvd.nist.gov/view/vuln/search. Once there, you can search for each CVE ID referenced in this article for more details.
Impact Details: The vulnerabilities listed in the table below are in order by the date on which RSA Archer Engineering determined that RSA Archer 6.4 SP1 was not vulnerable.
| CVE ID | Summary of Vulnerability | Reason Product is Not Vulnerable | Date Determined False Positive |
| CVE-2017-1000048 | ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a denial-of-service (DoS). | Component version used is higher than the impacted version. | June 13, 2018 |
| CVE-2018-1270 | Spring Framework is vulnerable to remote code execution (RCE) due to lack of proper validation of user-supplied input. | GemFire caching does not leverage the vulnerable component. | June 13, 2018 |
| CVE-2018-1271 | Spring Framework is vulnerable to directory traversal due to the way static content can be loaded. | GemFire does not serve files from the file system. | June 19, 2018 |
| CVE-2018-1272 | Spring Framework is vulnerable to privilege escalation due to insufficient validation of user-supplied input. | GemFire caching does not leverage the vulnerable component. | June 17, 2018 |
| CVE-2018-1273 | Spring Data Commons contain a property binder vulnerability caused by improper neutralization of special elements. | GemFire is not shipped with the vulnerable component. | June 29, 2018 |
| CVE-2018-1274 | Spring Data Commons is vulnerable to denial-of-service (DoS) because it does not check for lengthy path names. | GemFire is not shipped with the vulnerable component. | June 29, 2018 |
| CVE-2015-9251 | Library is vulnerable to cross-site scripting (XSS) attack caused by a lack of user input sanitization. | Local help system is not leveraged by web server component involving user session and user input. | July 5, 2018 |
Link to Advisories
Alert Impact
Not Exploitable
Tags (26)
- Advisory
- All Products
- All RSA Products
- Customer Support
- Customer Support Article
- CVE
- False Positive
- High Profile
- KB Article
- Knowledge Article
- Knowledge Base
- No Impact
- Not Applicable
- Not Exploitable
- RSA Security Advisory
- RSA Security Alert
- Security Advisory
- Security Advisory Article
- Security Alert
- Security Notification
- Security Recommendations
- Security Warning
- Vuln
- Vulnerabilities
- Vulnerability
- Vulnerability Warning
No ratings
