First published: Wed Nov 18 2020(Updated: )
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.8<=6.8.0.3 | |
RSA Archer | =6.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26884 is a URL injection vulnerability found in RSA Archer versions 6.8 through 6.8.0.3 and 6.9.
CVE-2020-26884 has a severity rating of 6.1, which is considered medium.
RSA Archer is a software platform used for governance, risk management, and compliance.
CVE-2020-26884 can be exploited by tricking a victim application user into executing malicious JavaScript code in the context of the RSA Archer web application.
To mitigate the vulnerability in RSA Archer, it is recommended to update to a version that is not affected by CVE-2020-26884.