A weakness and a security issue have been reported in EMC RSA Archer GRC
EMC RSA Archer GRC 5.x
This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing attacks
1) The application does not properly restrict deactivated users. This can be exploited by deactivated users to login and gain access to otherwise restricted functionality.
2) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Vendor recommends updating to version 5.4