Description
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-38362
- https://github.com/fireeye/Vulnerability-Disclosures
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0021/MNDT-2022-0021.md
- https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497
Related vulnerabilities
CVSS3: 6.5
nvd
almost 4 years ago
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.