CVE-2017-14371 in RSA Archer GRC
Summary
by MITRE
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Analysis
by VulDB Data Team • 01/16/2021
The vulnerability identified as CVE-2017-14371 affects the RSA Archer GRC Platform version 6.2.0.4 and earlier and is a critical reflected cross-site scripting flaw. It resides in the platform's handling of request URLs: user-supplied input from the URL is incorporated into web responses without proper sanitization. Scripts injected this way execute within the victim's browser session, bypassing the application's security controls and potentially compromising user sessions.
Technically the flaw is an instance of CWE-79, improper neutralization of input during web page generation, commonly known as cross-site scripting. The vulnerability is triggered through URL parameters passed to the RSA Archer application, which are neither validated nor escaped before being rendered in the response. When a user visits a maliciously crafted URL containing script code, the application reflects that code back to the user's browser, where it runs in the context of the authenticated session. The same crafted link can be reused against any user who follows it, so a single flaw exposes many user sessions.
The operational impact of this vulnerability extends beyond simple script execution, as it enables attackers to perform session hijacking, steal authentication tokens, and potentially gain unauthorized access to sensitive information within the RSA Archer environment. An attacker could craft URLs that redirect users to malicious sites, steal cookies, or manipulate application functionality to extract confidential data. The reflected nature of the vulnerability means that exploitation requires user interaction with a malicious link, but once clicked, the attack executes automatically within the user's browser session, making it particularly dangerous in enterprise environments where users frequently interact with web applications containing sensitive data.
Security professionals should consider this vulnerability in the context of the ATT&CK framework under the technique T1059.007 for scripting languages and T1531 for credential access, as the reflected XSS can lead to session theft and privilege escalation. The vulnerability demonstrates a critical failure in input validation and output encoding practices and emphasizes the need for comprehensive security controls. Organizations should prioritize immediate patching to version 6.2.0.5 or later, which includes proper input sanitization and output encoding mechanisms. Additionally, a web application firewall, a content security policy, and regular security assessments can help detect and prevent similar vulnerabilities in other applications within the RSA Archer ecosystem.
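The following is an added illustration, not code from RSA Archer or from VulDB, of the defect class described above (a URL parameter reflected into the response unencoded) beside the hardened form and the CSP header recommended as defence in depth. The endpoint, parameter name and sample URL are constructed for the example and do not correspond to a real Archer page.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample request: a benign marker carried in the query string.
# The host, path and parameter name are hypothetical, not Archer endpoints.
SAMPLE_URL = "https://archer.example/search.aspx?q=%3Cscript%3Eprobe()%3C/script%3E"


def query_param(url: str, name: str) -> str:
    """Return the first (URL-decoded) value of a query parameter, or '' if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    return values[0] if values else ""


def render_vulnerable(url: str) -> str:
    """'Before' pattern (CWE-79): the raw parameter is concatenated into HTML,
    so markup and script tags in the URL become part of the page."""
    return f"<p>Results for: {query_param(url, 'q')}</p>"


def render_hardened(url: str) -> str:
    """'After' pattern: HTML-encode the value for the element-body context it is
    rendered in.  Other sinks (attributes, URLs, inline JS) need their own encoder."""
    return f"<p>Results for: {html.escape(query_param(url, 'q'), quote=True)}</p>"


def response_headers() -> dict:
    """Defence in depth: a CSP that disallows inline script and event handlers,
    so a missed encoding site cannot execute reflected markup."""
    return {"Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'"}


def reflects_unencoded(body: str, value: str) -> bool:
    """Regression check: True if the input appears in the body with its HTML
    metacharacters intact, i.e. the response would render it as markup."""
    return any(c in value for c in "<>\"'") and value in body


if __name__ == "__main__":
    marker = query_param(SAMPLE_URL, "q")
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        body = render(SAMPLE_URL)
        print(f"{name}: unencoded reflection = {reflects_unencoded(body, marker)}")
```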