CVE Vulnerability

CVE-2022-26950

Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.

5.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 Mitigation Vendor Advisory
https://www.archerirm.community/t5/general-support-information/tkb-p/information-support Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*
Information

Published : 2022-03-30 12:15

Updated : 2022-04-05 11:45

NVD link : CVE-2022-26950

Mitre link : CVE-2022-26950

Products Affected

Archer

Rsa

CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')