Improper Access Control Vulnerability in Archer by RSA
CVE-2020-29538

4.9MEDIUM

Key Information:

Vendor: Rsa
Status: Archer
Vendor: CVE Published:; 29 January 2021

What is CVE-2020-29538?

Archer prior to version 6.9 P1 (6.9.0.1) is susceptible to an improper access control vulnerability affecting its API. This flaw could allow a remote authenticated malicious administrative user to exploit the vulnerability, potentially enabling them to gather sensitive system information. Such information may be leveraged for further attacks, compromising the integrity and security of the environment.

References

https://www.rsa.com/en-us/company/vulnerability-response-...

x_refsource_MISC

https://community.rsa.com/docs/DOC-115223

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Dec 3, 2020

JSON

Rsa

What is CVE-2020-29538?

References

CVSS V3.1

Timeline