CVE-2017-14372 in RSA Archer GRC
Summary
by MITRE
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Analysis
by VulDB Data Team • 01/16/2021
CVE-2017-14372 is a critical reflected cross-site scripting flaw in the RSA Archer GRC Platform affecting versions prior to 6.2.0.5. The issue lies in the RSA Archer Help pages, the built-in user assistance and documentation component of the governance, risk, and compliance platform. It stems from inadequate input validation and output encoding: user-supplied data is placed into web responses without being properly sanitized. Because the help pages process parameters taken from the HTTP request without sanitizing them, an attacker can craft a URL containing a script payload that is executed in the victim's browser context. Since the payload is reflected off the web server rather than stored, it can be delivered through many vectors, including phishing emails, malicious links, or compromised web pages that direct users to the vulnerable help functionality.
Exploitation requires an attacker to craft a URL containing an XSS payload and deliver it to a user who is authenticated to the RSA Archer application. When the victim follows the link or visits the crafted page, the script runs in the victim's browser session with the privileges and permissions of the authenticated user. An attacker can then steal session cookies, modify application data, perform unauthorized actions on the user's behalf, or redirect the victim to malicious sites. The affected Help pages provide contextual assistance and documentation, so users naturally visit them when seeking information or troubleshooting, which makes them a convenient target. Because the payload is never stored on the server but injected into the response at request time, the flaw is harder to detect with traditional security scanning methods and calls for immediate remediation once discovered.
The operational impact goes beyond script execution: it undermines the security posture of organizations that depend on the RSA Archer GRC Platform. Because the platform is designed for enterprise governance, risk, and compliance management, unauthorized access to user sessions could lead to data breaches, regulatory compliance violations, and significant business disruption. Attackers could use the vulnerability to escalate privileges and access sensitive risk assessments, compliance reports, and governance data that would otherwise be protected. Session hijacking also opens the door to credential theft, allowing attackers to maintain persistent access to the platform and its data. Organizations that rely on RSA Archer for critical security operations face heightened risk of insider threats, external breaches, and operational continuity issues while the flaw remains unpatched, and the impact is most severe where the platform manages sensitive compliance data, risk assessments, and governance processes that require strict access controls and audit trails.
Organizations should remediate immediately by upgrading to RSA Archer GRC Platform version 6.2.0.5 or later, which contains the vendor fix for the reflected XSS vulnerability. Network-level protections such as web application firewalls add defense in depth but should not be relied upon as the sole mitigation. Input validation and output encoding should be strengthened across all help and user-facing pages to prevent similar vulnerabilities from emerging. Security teams should also assess the application and related systems for additional XSS vulnerabilities. The flaw is classified as CWE-79 (cross-site scripting) and represents a clear violation of the secure coding practices outlined in the OWASP Top Ten. From an ATT&CK perspective it maps to technique T1059.007 for script execution and T1566 for social engineering, since it lets attackers exploit users' trust in help pages to deliver malicious payloads. Regular security testing, combining automated scanning with manual penetration testing, should be part of ongoing protection for the platform's codebase and dependencies.
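The following is an added example, not code from this page or from RSA Archer, showing the reflected-parameter pattern the analysis describes next to the output-encoding fix it recommends, plus the check an assessor would use to confirm whether a help page reflects a parameter unencoded. The help URL, the `topic` parameter and the page template are constructed assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample markup for a help page that echoes the requested topic.
# The parameter name, path and template are assumptions, not RSA Archer's own.
HELP_TEMPLATE = "<html><body><h1>Help: {topic}</h1></body></html>"


def _topic_from_url(url: str) -> str:
    """Extract the 'topic' query parameter (empty string when absent)."""
    return parse_qs(urlsplit(url).query).get("topic", [""])[0]


def render_help_unsafe(url: str) -> str:
    """Vulnerable pattern (CWE-79): the request parameter is interpolated
    into the HTML body verbatim, so any markup in it is reflected as markup."""
    return HELP_TEMPLATE.format(topic=_topic_from_url(url))


def render_help_safe(url: str) -> str:
    """Hardened pattern: HTML-entity-encode the value for the element-body
    context it is written into, so '<', '>', '&' and quotes become text."""
    return HELP_TEMPLATE.format(topic=html.escape(_topic_from_url(url), quote=True))


def reflects_unencoded(response_body: str, value: str) -> bool:
    """Defender-side check used when assessing a page: the value contains
    HTML-significant characters and appears in the response unchanged, which
    means the parameter is reflected without output encoding."""
    has_html_chars = any(c in value for c in '<>"\'&')
    return has_html_chars and value in response_body


# Constructed probe: harmless markup that is visible when it is rendered as HTML.
PROBE = "<b>probe</b>"
SAMPLE_URL = "https://archer.example/help/topic?topic=" + PROBE

if __name__ == "__main__":
    for name, render in (("unsafe", render_help_unsafe), ("safe", render_help_safe)):
        body = render(SAMPLE_URL)
        print(f"{name}: reflected unencoded = {reflects_unencoded(body, PROBE)}")
```

The same check applied to a real response should be repeated for each context a value lands in (element body, attribute, script), since entity encoding alone is only correct for the element-body case shown here.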