First published: Tue Mar 29 2022
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
RSA Archer | >=6.1.0.0, <6.9.0.3 |
CVE-2022-26950 is an open redirect vulnerability that affects Archer 6.x through 6.9 P2 (6.9.0.2).
CVE-2022-26950 allows a remote unprivileged attacker to redirect legitimate users of RSA Archer to arbitrary websites and conduct phishing attacks.
The severity of CVE-2022-26950 is rated medium, with a CVSS score of 6.1.
An attacker can exploit the open redirect vulnerability in CVE-2022-26950 by tricking users into clicking on a malicious link that redirects them to a phishing site, where their credentials can be stolen.
At the moment, there is no specific fix available for CVE-2022-26950. It is recommended to follow general security best practices and to stay updated with any patches or security advisories provided by RSA Archer.
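The defence against this class of bug is to validate the redirect target before issuing the redirect. The check below is an added illustration, not Archer's code; the allow-listed host name is a constructed placeholder. It accepts only paths rooted on the application itself or absolute URLs whose host is on the allow-list, and it rejects the usual bypass shapes (protocol-relative `//host`, backslash variants, userinfo tricks, and non-HTTP schemes).

```python
from urllib.parse import urlsplit

# Hosts a redirect may land on. Constructed placeholder for this example.
ALLOWED_HOSTS = {"archer.example.com"}


def is_safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` stays on the application or on an
    allow-listed host. Anything else is treated as an open-redirect attempt."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False  # empty, or control characters that corrupt a Location header

    # Browsers treat backslashes like slashes, so normalise before parsing;
    # otherwise "/\evil.example" would pass a naive "starts with /" check.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)

    # Only web schemes are acceptable; this rejects javascript:, data:, etc.
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False

    if parts.netloc:
        # Absolute or protocol-relative URL: reject userinfo tricks such as
        # "https://archer.example.com@evil.example", then compare the host.
        if "@" in parts.netloc:
            return False
        return parts.hostname in allowed_hosts

    # No host component: must be a path rooted with a single slash.
    # A "//" prefix would be protocol-relative and is rejected above via netloc,
    # but the explicit check keeps the intent obvious.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect(target: str, fallback: str = "/") -> str:
    """Return `target` if it passes validation, else a fixed in-app fallback."""
    return target if is_safe_redirect_target(target) else fallback
```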