Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
References
Link | Resource |
---|---|
https://www.archerirm.community/t5/general-support-information/tkb-p/information-support | Vendor Advisory |
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 | Mitigation Vendor Advisory |
Configurations
History
05 Apr 2022, 23:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:* | |
First Time |
Rsa
Rsa archer |
|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.1 |
CWE | CWE-601 | |
References | (MISC) https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 - Mitigation, Vendor Advisory | |
References | (MISC) https://www.archerirm.community/t5/general-support-information/tkb-p/information-support - Vendor Advisory |
30 Mar 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-30 00:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26950
Mitre link : CVE-2022-26950
CVE.ORG link : CVE-2022-26950
JSON object : View
Products Affected
rsa
- archer
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')