CVE-2022-26950

Опубликовано: 30 мар. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.

Ссылки

https://www.archerirm.community/t5/general-support-information/tkb-p/information-support
Vendor Advisory
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497
Mitigation
Vendor Advisory
https://www.archerirm.community/t5/general-support-information/tkb-p/information-support
Vendor Advisory
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

Версия от 6.1.0.0 (включая) до 6.9.0.3 (исключая)

EPSS

Процентиль: 33%

0.00134

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-ff8h-xg3q-fj52

CVSS3: 6.1

github

почти 4 года назад

EPSS

Процентиль: 33%

0.00134

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601