First published: Mon May 04 2020
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking victim users into clicking on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer | <6.7.0.1 | |
CVE-2020-5337 is a URL redirection vulnerability in RSA Archer versions prior to 6.7 P1 (6.7.0.1).
CVE-2020-5337 affects RSA Archer versions prior to 6.7 P1 (6.7.0.1).
The severity of CVE-2020-5337 is medium with a CVSSv3 score of 6.1.
An attacker can exploit CVE-2020-5337 by tricking RSA Archer application users into clicking on maliciously crafted links that redirect them to arbitrary web URLs.
RSA Archer has released a security update to address CVE-2020-5337. Please refer to the following reference for more information: [RSA Archer Security Update for Multiple Vulnerabilities](https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities).