CVE-2017-8016 in RSA Archer GRC
Summary
by MITRE
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Analysis
by VulDB Data Team • 01/03/2023
CVE-2017-8016 is a critical stored cross-site scripting flaw in the RSA Archer GRC Platform, affecting version 6.2.0.4 and earlier. The weakness lies in the handling of the Questionnaire ID field: the application stores user-supplied input without proper sanitization and later renders it into web pages unchanged. Because the field is writable by authenticated users, anyone able to set questionnaire identifiers can plant a persistent XSS payload that compromises the sessions of other users who view it and may serve as a stepping stone to more serious incidents.
The flaw stems from inadequate input validation and missing output encoding in the application's data-handling pipeline. When an authenticated attacker submits malicious content through the Questionnaire ID field, the system stores it without sanitization; when other users later view pages that display the stored value, the script executes in their browser context with the trust the browser extends to the RSA Archer application. The vulnerability sits at the application layer and is reachable through ordinary HTTP requests and responses, with no privileges required beyond authentication.
The impact extends beyond simple script execution: an attacker can use the stored payload for session hijacking, credential theft, and data exfiltration from authenticated sessions, for instance by redirecting users to phishing sites, stealing session cookies, or injecting further scripts that persist across many user interactions. Organizations that run RSA Archer for governance, risk, and compliance management process sensitive business and regulatory data in it, so a successful exploit is potentially catastrophic for their security posture.
Organizations should remediate immediately by upgrading to RSA Archer GRC Platform version 6.2.0.5 or later, which adds proper input sanitization and output encoding controls against stored XSS. Additional mitigations include deploying a web application firewall with XSS detection, conducting regular security code reviews focused on input validation, and establishing comprehensive protocols for sanitizing user input. The vulnerability corresponds to CWE-79, which covers cross-site scripting flaws, and maps to ATT&CK technique T1566.001 for initial access through malicious web content, underscoring the importance of proper web application security controls in enterprise environments.
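To make the two controls named in the analysis concrete, input validation at the store step and output encoding at the render step, here is an added Python example; it is not code from RSA Archer or VulDB, and the allowlist pattern, the in-memory store and the table-cell rendering are assumptions made for illustration. It shows the flawed concatenation pattern beside the hardened one on a constructed sample input.

```python
import html
import re
from typing import Dict

# Constructed sample inputs for this example (not values from the advisory).
BENIGN_ID = "Q-2023-0042"
MARKUP_ID = "<script>alert(1)</script>"

# Hypothetical allowlist for a questionnaire identifier: letters, digits, '-' and '_'.
QID_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def store_questionnaire_id(store: Dict[int, str], record_id: int, qid: str) -> bool:
    """Input-side control: accept only identifiers that match the allowlist.

    Returns True when the value was stored. This is defence in depth only:
    a value that reaches the page through another path would still need
    encoding at the output sink.
    """
    if QID_PATTERN.fullmatch(qid) is None:
        return False
    store[record_id] = qid
    return True


def render_vulnerable(qid: str) -> str:
    """The flawed pattern: the stored value is concatenated straight into HTML."""
    return '<td class="qid">' + qid + "</td>"


def render_hardened(qid: str) -> str:
    """Output-side control: HTML-encode at the sink, quotes included."""
    return '<td class="qid">' + html.escape(qid, quote=True) + "</td>"


def raw_markup_survives(rendered_cell: str) -> bool:
    """True if a '<' from the stored value reached the page unencoded."""
    inner = rendered_cell[len('<td class="qid">'):-len("</td>")]
    return "<" in inner


if __name__ == "__main__":
    records: Dict[int, str] = {}
    print("benign accepted:", store_questionnaire_id(records, 1, BENIGN_ID))
    print("markup accepted:", store_questionnaire_id(records, 2, MARKUP_ID))
    print("vulnerable:", render_vulnerable(MARKUP_ID))
    print("hardened:  ", render_hardened(MARKUP_ID))
```

The hardened renderer is the control that actually closes the stored XSS: the allowlist only narrows what the field accepts.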