CVE-2021-38362

EPSS 0.26%
Veröffentlicht 30.03.2022 22:15:08
Zuletzt bearbeitet 21.11.2024 06:16:54
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rsa ≫ Archer Version >= 6.1.0.0 < 6.9.3.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.493

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/fireeye/Vulnerability-Disclosures

Third Party Advisory

https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497

Third Party Advisory

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0021/MNDT-2022-0021.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-38362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38362

EUVD