CVE Vulnerabilities

CVE-2018-11060

Published: Jul 24, 2018 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

Affected Software

Name Vendor Start Version End Version
Archer Rsa 6.1.0.0 (including) 6.1.0.3 (excluding)
Archer Rsa 6.2.0.0 (including) 6.2.0.10 (excluding)
Archer Rsa 6.3.0.0 (including) 6.3.0.7 (excluding)
Archer Rsa 6.4.0.0 (including) 6.4.0.0 (including)

References