CVE-2020-29538

Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
mitreCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AC:L/AV:N/A:N/C:N/I:H/PR:H/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
rsaarcher
6.6 ≤
𝑥
< 6.6.0.8
rsaarcher
6.7 ≤
𝑥
< 6.7.0.8
rsaarcher
6.8 ≤
𝑥
< 6.8.0.5
rsaarcher
6.9 ≤
𝑥
< 6.9.0.1
𝑥
= Vulnerable software versions
References
https://community.rsa.com/docs/DOC-115223
https://www.rsa.com/en-us/company/vulnerability-response-policy
https://community.rsa.com/docs/DOC-115223
https://www.rsa.com/en-us/company/vulnerability-response-policy