CVE-2017-14370

Name of the Vulnerable Software and Affected Versions RSA Archer GRC Platform versions prior to 6.2.0.5

Description The issue allows an authenticated attacker to potentially execute arbitrary HTML in the user's browser session within the context of the RSA Archer application through stored cross-site scripting via the Source Asset ID field.

Recommendations For versions prior to 6.2.0.5, update to version 6.2.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Source Asset ID field to minimize the risk of exploitation.