CVE-2020-29537

Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
mitreCNA
4.6 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
rsaarcher
6.6 ≤
𝑥
< 6.6.0.8
rsaarcher
6.7 ≤
𝑥
< 6.7.0.8
rsaarcher
6.8 ≤
𝑥
< 6.8.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.rsa.com/docs/DOC-115223
https://www.rsa.com/en-us/company/vulnerability-response-policy
https://community.rsa.com/docs/DOC-115223
https://www.rsa.com/en-us/company/vulnerability-response-policy