CVE-2020-29537 — MEDIUM (4.6)

Q: How severe is CVE-2020-29537?

CVE-2020-29537 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-29537?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Archer.

Vulnerability Description

Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Rsa	Archer	>= 6.6, < 6.6.0.8

Related Weaknesses (CWE)

CWE-601

References

https://community.rsa.com/docs/DOC-115223Vendor Advisory
https://www.rsa.com/en-us/company/vulnerability-response-policyVendor Advisory
https://community.rsa.com/docs/DOC-115223Vendor Advisory
https://www.rsa.com/en-us/company/vulnerability-response-policyVendor Advisory

FAQ

What is CVE-2020-29537?

CVE-2020-29537 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks...

How severe is CVE-2020-29537?

CVE-2020-29537 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29537?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Archer.