CVE-2021-38362 - Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/fireeye/Vulnerability-Disclosures
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0021/MNDT-2022-0021.md
- https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497