Vulnerability Description
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Archer | >= 6.1.0.0, < 6.9.0.3 |
Related Weaknesses (CWE)
References
- https://www.archerirm.community/t5/general-support-information/tkb-p/informationVendor Advisory
- https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-upMitigationVendor Advisory
- https://www.archerirm.community/t5/general-support-information/tkb-p/informationVendor Advisory
- https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-upMitigationVendor Advisory
FAQ
What is CVE-2022-26950?
CVE-2022-26950 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing ...
How severe is CVE-2022-26950?
CVE-2022-26950 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26950?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Archer.