Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
References
Link | Resource |
---|---|
https://www.archerirm.community/t5/general-support-information/tkb-p/information-support | Vendor Advisory |
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 | Mitigation Vendor Advisory |
Configurations
History
No history.
Information
Published : 2022-03-30 00:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-26950
Mitre link : CVE-2022-26950
CVE.ORG link : CVE-2022-26950
JSON object : View
Products Affected
rsa
- archer
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')