Authorization Bypass Vulnerability in Archer Platform by RSA Security
CVE-2022-30585
6.5 MEDIUM
Summary
The Archer Platform, developed by RSA Security, contains an authorization bypass vulnerability in its REST API, present in versions prior to 6.11. A remote authenticated malicious user could exploit this flaw to potentially gain unauthorized access to sensitive information. Fixes have been issued in releases 6.10 P3 and 6.9 SP3 P4 to mitigate this security risk.
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved