Vulnerability Description
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Archer | >= 6.1.0.0, < 6.9.3.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/fireeye/Vulnerability-DisclosuresThird Party Advisory
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022Third Party Advisory
- https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-upThird Party Advisory
- https://github.com/fireeye/Vulnerability-DisclosuresThird Party Advisory
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022Third Party Advisory
- https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-upThird Party Advisory
FAQ
What is CVE-2021-38362?
CVE-2021-38362 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve...
How severe is CVE-2021-38362?
CVE-2021-38362 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38362?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Archer.