CVE-2021-41594

Published: Mar 30, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions.

Affected (1)

Products: Rsa: Archer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rsa Archer	From 6.1.0.0 to 6.9.3.3

References (4)

https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497

Source: cve@mitre.org

Third Party Advisory

https://www.rsa.com/en-us/company/vulnerability-response-policy

Source: cve@mitre.org

Vendor Advisory

https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.rsa.com/en-us/company/vulnerability-response-policy

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.