First published: Wed Mar 30 2022
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer | >=6.1.0.0 <6.9.3.0.1 | |
The vulnerability ID is CVE-2021-38362.
CVE-2021-38362 has a severity rating of 6.5 (medium).
CVE-2021-38362 affects RSA Archer 6.x through 6.9 SP3 (6.9.3.0).
CVE-2021-38362 belongs to CWE category 639.
An authenticated attacker can make a GET request to a vulnerable REST API endpoint in RSA Archer and retrieve sensitive data.