Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

MNDT-2022-0020

Archer 6.x through 6.9 SP1 P4 (6.9.1.4) contains a stored XSS vulnerability. A remote authenticated administrative Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

Common Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impact

Medium - An authenticated admin can execute arbitrary JavaScript in the victim's browser. This allows the attacker to impersonate the user to the application and can be used as part of an attack to steal user credentials.

Exploitability

Medium - The attacker requires a user account on the application in order to inject a script. Once a script is injected, it is stored in the application and all users can be affected.

CVE Reference

CVE-2021-33616

Technical Details

In the Admin module "Packages", a threat actor can modify or create a package and add an arbitrary description. A threat actor can replace its "Description" field with an XSS payload.

Discovery Credits

Mandiant, Angelo Alviar, Michael Maturi, and Troy Knutson

Disclosure Timeline

  • 2021-05-27 - Issue reported to RSA Archer.
  • 2022-05-01 - RSA Archer released a patch and posted a public Security Advisory.

References