The REST API in Archer 6.x through 6.9 SP3 (6.9.3.0) contains an authorization bypass vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information.
CWE-639: Authorization Bypass Through User-Controlled Key
Medium: Low-privileged users can get sensitive information such as domain usernames, RSA Archer usernames, positions, and emails. This information could be used to aid other attacks.
High: Any authorized user can access this information by performing a GET request to the affected scope.
CVE-2021-38362
As a low-privileged user, a threat actor can access the user profile API and iterate through sequential IDs to enumerate sensitive information such as domain usernames, RSA Archer usernames, positions, and emails.
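The access pattern described above (one authenticated principal walking sequential object IDs on a profile endpoint) is what a defender can look for in API access logs. The following detector is an added example, not code from the advisory, Mandiant, or Archer; the log format and the `/api/users/<id>` route are constructed placeholders, since the advisory does not name the affected route.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from the advisory). Format: timestamp,
# authenticated user, method, path, status. "/api/users/<id>" is a hypothetical
# stand-in for the affected user-profile route, which the advisory does not name.
SAMPLE_LOG = """\
2021-05-27T10:00:01Z user=alice GET /api/users/1041 200
2021-05-27T10:00:02Z user=alice GET /api/users/1042 200
2021-05-27T10:00:02Z user=alice GET /api/users/1043 200
2021-05-27T10:00:03Z user=alice GET /api/users/1044 200
2021-05-27T10:00:03Z user=bob GET /api/users/2007 200
2021-05-27T10:00:04Z user=alice GET /api/users/1045 200
2021-05-27T10:00:04Z user=alice GET /api/users/1046 200
2021-05-27T10:00:05Z user=alice GET /api/users/1047 200
2021-05-27T10:00:06Z user=bob GET /api/users/2007 200
2021-05-27T10:00:07Z user=carol GET /api/users/3001 200
2021-05-27T10:00:08Z user=carol GET /api/users/3002 200
2021-05-27T10:00:09Z user=carol GET /api/users/3100 200
"""

LINE_RE = re.compile(r"^\S+ user=(\S+) GET /api/users/(\d+) (\d{3})$")

def profile_ids_by_user(log):
    """Map each authenticated user to the ordered profile IDs they fetched (2xx only)."""
    ids = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3).startswith("2"):
            ids[m.group(1)].append(int(m.group(2)))
    return ids

def longest_sequential_run(ids, max_gap=1):
    """Length of the longest run where each ID is 1..max_gap above the previous one."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if 1 <= cur - prev <= max_gap else 1
        best = max(best, run)
    return best

def find_enumerators(log, min_run=5, max_gap=1):
    """Users whose profile lookups contain a sequential-ID run of at least min_run."""
    return {user: n for user, ids in profile_ids_by_user(log).items()
            if (n := longest_sequential_run(ids, max_gap)) >= min_run}

if __name__ == "__main__":
    for user, n in find_enumerators(SAMPLE_LOG).items():
        print(f"{user}: sequential run of {n} profile IDs")
```

A user repeatedly fetching their own profile (bob) or a handful of unrelated IDs (carol) stays below the threshold; only the sequential walk (alice) is flagged. Tune `min_run` and `max_gap` to the normal traffic of the deployment before alerting on it.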
Mandiant, Angelo Alviar, Michael Maturi, and Troy Knutson
- 2021-05-27 - Issue reported to RSA Archer.
- 2022-05-01 - RSA Archer released a patch and posted a public Security Advisory.