Vulnerability Details CVE-2021-38362
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Products affected by CVE-2021-38362
- cpe:2.3:a:rsa:archer:6.1.0.0
- cpe:2.3:a:rsa:archer:6.1.0.3
- cpe:2.3:a:rsa:archer:6.4.0.1
- cpe:2.3:a:rsa:archer:6.4.0.2
- cpe:2.3:a:rsa:archer:6.6.0.2
- cpe:2.3:a:rsa:archer:6.6.0.3
- cpe:2.3:a:rsa:archer:6.6.0.8
- cpe:2.3:a:rsa:archer:6.7.0.1
- cpe:2.3:a:rsa:archer:6.7.0.2
- cpe:2.3:a:rsa:archer:6.7.0.3
- cpe:2.3:a:rsa:archer:6.7.0.8
- cpe:2.3:a:rsa:archer:6.8.0.2
- cpe:2.3:a:rsa:archer:6.8.0.3
- cpe:2.3:a:rsa:archer:6.8.0.4
- cpe:2.3:a:rsa:archer:6.8.0.5
- cpe:2.3:a:rsa:archer:6.9.0.1
- cpe:2.3:a:rsa:archer:6.9.0.2
- cpe:2.3:a:rsa:archer:6.9.0.3
- cpe:2.3:a:rsa:archer:6.9.1.0
- cpe:2.3:a:rsa:archer:6.9.1.1
- cpe:2.3:a:rsa:archer:6.9.1.4
- cpe:2.3:a:rsa:archer:6.9.2.1
- cpe:2.3:a:rsa:archer:6.9.2.2
- cpe:2.3:a:rsa:archer:6.9.3.0