Insecure Credential Storage in Archer RSS Feed Integration from RSA
CVE-2022-26948

5.8MEDIUM

Key Information:

Vendor: Rsa
Status: Archer
Vendor: CVE Published:; 30 March 2022

Summary

The Archer RSS feed integration for versions 6.x through 6.9 SP1, specifically 6.9.1.0, is impacted by an insecure credential storage vulnerability. This flaw allows malicious attackers to gain unauthorized access to sensitive credential information, which can be exploited for further attacks, potentially compromising the security of the system. It is crucial for users of affected Archer versions to address this vulnerability promptly to safeguard their data and prevent any malicious exploitation.

References

https://www.archerirm.community/t5/general-support-inform...

x_refsource_MISC

https://www.archerirm.community/t5/security-advisories/ar...

x_refsource_MISC

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2022
Vulnerability Reserved
Mar 12, 2022