CVE-2020-29538

EUVD-2020-21904
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
mitreCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AC:L/AV:N/A:N/C:N/I:H/PR:H/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
rsaarcher
6.6 ≤
𝑥
< 6.6.0.8
rsaarcher
6.7 ≤
𝑥
< 6.7.0.8
rsaarcher
6.8 ≤
𝑥
< 6.8.0.5
rsaarcher
6.9 ≤
𝑥
< 6.9.0.1
𝑥
= Vulnerable software versions
References
https://community.rsa.com/docs/DOC-115223
https://www.rsa.com/en-us/company/vulnerability-response-policy
https://community.rsa.com/docs/DOC-115223
https://www.rsa.com/en-us/company/vulnerability-response-policy