First published: Fri Jan 29 2021(Updated: )
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.6<6.6.0.8 | |
RSA Archer | >=6.7<6.7.0.8 | |
RSA Archer | >=6.8<6.8.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-29537 is an open redirect vulnerability affecting RSA Archer before 6.8 P2 (6.8.0.2).
CVE-2020-29537 has a severity rating of 5.4, which is considered medium.
CVE-2020-29537 allows a remote privileged attacker to potentially redirect legitimate users to arbitrary websites and conduct phishing attacks, leading to possible credential theft.
CVE-2020-29537 affects RSA Archer versions 6.6 up to 6.8.0.2.
To mitigate the risks of CVE-2020-29537, it is recommended to apply the necessary security patches or updates provided by RSA.