First published: Tue Mar 29 2022(Updated: )
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.1.0.0<6.9.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-26949.
The severity of CVE-2022-26949 is medium with a CVSS score of 6.5.
The affected software is RSA Archer 6.x through 6.9 SP2 P1 (6.9.2.1).
A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.
You can find more information about this vulnerability at the following links: [link1](https://www.archerirm.community/t5/general-support-information/tkb-p/information-support), [link2](https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497)