Improper Access Control Vulnerability in Archer by RSA
CVE-2020-29538

4.9MEDIUM

Key Information:

Vendor: Rsa
Status: Archer
Vendor: CVE Published:; 29 January 2021

Summary

Archer prior to version 6.9 P1 (6.9.0.1) is susceptible to an improper access control vulnerability affecting its API. This flaw could allow a remote authenticated malicious administrative user to exploit the vulnerability, potentially enabling them to gather sensitive system information. Such information may be leveraged for further attacks, compromising the integrity and security of the environment.

References

https://www.rsa.com/en-us/company/vulnerability-response-...

x_refsource_MISC

https://community.rsa.com/docs/DOC-115223

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Dec 3, 2020