CVE-2022-26950
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
Archer versiones 6.x hasta 6.9 P2 (6.9.0.2) está afectado por una vulnerabilidad de redireccionamiento abierto. Un atacante remoto no privilegiado puede potencialmente redirigir a usuarios legítimos a sitios web arbitrarios y realizar ataques de phishing. El atacante podría entonces robar las credenciales de las víctimas y autenticarlas silenciosamente en la aplicación Archer sin que las víctimas den de cuenta de que ha sido producido un ataque
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-12 CVE Reserved
- 2022-03-29 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rsa Search vendor "Rsa" | Archer Search vendor "Rsa" for product "Archer" | >= 6.1.0.0 < 6.9.0.3 Search vendor "Rsa" for product "Archer" and version " >= 6.1.0.0 < 6.9.0.3" | - |
Affected
|