A critical vulnerability has been identified in RSA Archer up to 6.7 (Risk Management System). Unknown program code is affected. The vulnerability can be fixed by applying patch 6.7 P1.

| Field | 05.05.2020 09:44 | 05.05.2020 09:49 | 15.10.2020 10:39 |
|---|---|---|---|
| patch_name | 6.7 P1 | 6.7 P1 | 6.7 P1 |
| cve | CVE-2020-5337 | CVE-2020-5337 | CVE-2020-5337 |
| seealso | 154733 154732 154731 154730 | 154733 154732 154731 154730 | 154733 154732 154731 154730 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 4.6 | 4.6 | 4.6 |
| vendor | RSA | RSA | RSA |
| name | Archer | Archer | Archer |
| version | <=6.7 | <=6.7 | <=6.7 |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 5.5 | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.2 | 5.2 | 5.2 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1588550400 (04.05.2020) | 1588550400 (04.05.2020) | 1588550400 (04.05.2020) |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Patch | Patch | Patch |
| cve_assigned | | 1578009600 | 1578009600 |
| cve_nvd_summary | | RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. |
| type | | Risk Management System | Risk Management System |
| cwe | 0 | 601 (Redirect) | 601 (Redirect) |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | L | L |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | L | L |
| cvss3_nvd_i | | L | L |
| cvss3_nvd_a | | N | N |
| cve_cna | | | Dell |
