Insecure Direct Object Reference in RSA Archer by RSA Security
CVE-2021-38362

6.5MEDIUM

Key Information:

Vendor
Rsa
Status
Archer
Vendor
CVE Published:
30 March 2022

Summary

An IDOR vulnerability exists in RSA Archer, allowing authenticated attackers to exploit a REST API endpoint. By making a specially crafted GET request, these attackers can bypass access controls and gain unauthorized access to sensitive information. This poses a significant risk as it may expose sensitive data that should only be available to authorized users.

References

https://github.com/fireeye/Vulnerability-Disclosures
x_refsource_MISC
https://www.archerirm.community/t5/security-advisories/ar...
x_refsource_MISC
https://github.com/mandiant/Vulnerability-Disclosures/blo...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.