CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29537
https://notcve.org/view.php?id=CVE-2020-29537
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. Archer versiones anteriores a 6.8 P2 (6.8.0.2), está afectado por una vulnerabilidad de redireccionamiento abierto. Un atacante privilegiado remoto puede potencialmente redireccionar a usuarios legítimos a sitios web arbitrarios y llevar a cabo ataques de phishing. • https://community.rsa.com/docs/DOC-115223 https://www.rsa.com/en-us/company/vulnerability-response-policy • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29535
https://notcve.org/view.php?id=CVE-2020-29535
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Archer versiones anteriores a 6.8 P4 (6.8.0.4), contiene una vulnerabilidad de tipo XSS almacenado. Un usuario de Archer malicioso autenticado remoto podría explotar esta vulnerabilidad para almacenar código HTML o JavaScript malicioso en un almacén confiable de datos de aplicación. • https://community.rsa.com/docs/DOC-115223 https://www.rsa.com/en-us/company/vulnerability-response-policy • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5337
https://notcve.org/view.php?id=CVE-2020-5337
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. RSA Archer, versiones anteriores a la versión 6.7 P1 (6.7.0.1), contienen una vulnerabilidad de redireccionamiento de URL. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad para redireccionar a los usuarios de la aplicación hacia unas URL web arbitrarias para engañar a los usuarios víctimas para que hagan clic sobre enlaces diseñados maliciosamente. • https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5336
https://notcve.org/view.php?id=CVE-2020-5336
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system. RSA Archer, versiones anteriores a la versión 6.7 P1 (6.7.0.1), contienen una vulnerabilidad de inyección de URL. Un atacante no autenticado podría explotar potencialmente esta vulnerabilidad al engañar a un usuario víctima de la aplicación para que ejecute código JavaScript malicioso sobre el sistema afectado. • https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5335
https://notcve.org/view.php?id=CVE-2020-5335
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. RSA Archer, versiones anteriores a la versión 6.7 P2 (6.7.0.2), contienen una vulnerabilidad de tipo cross-site request forgery. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad al engañar a un usuario víctima de la aplicación para que envíe peticiones arbitrarias hacia una aplicación vulnerable para llevar a cabo operaciones de servidor con los privilegios del usuario víctima autenticado. • https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •