MNDT-2022-0021
The REST API in Archer 6.x through 6.9 SP3 (6.9.3.0) contains an authorization bypass vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information.
Common Weakness Enumeration
CWE-639: Authorization Bypass Through User-Controlled Key
Impact
Medium: Low-privileged users can obtain sensitive information such as domain usernames, RSA Archer usernames, positions, and emails. This information could be used to aid other attacks.
Exploitability
High: Any authorized user can access this information by performing a GET request to the affected scope.
CVE Reference
CVE-2021-38362
Technical Details
As a low-privileged user, a threat actor can access the user profile API and iterate through sequential IDs to enumerate sensitive information such as domain usernames, RSA Archer usernames, positions, and emails.
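The sequential-ID pattern described above is visible in access logs. The following Python is an added detection example (not part of the advisory and not Archer's code): it flags any authenticated principal whose successful GETs to a user-profile route walk consecutive IDs. The log format and the `/api/users/<id>` path are constructed placeholders, not Archer's actual route.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real Archer logs). Format:
# <timestamp> <authenticated user> GET <path> <status>
SAMPLE_LOG = """\
2021-05-27T10:00:01Z alice GET /api/users/1042 200
2021-05-27T10:00:02Z alice GET /api/users/1043 200
2021-05-27T10:00:02Z alice GET /api/users/1044 200
2021-05-27T10:00:03Z alice GET /api/users/1045 200
2021-05-27T10:00:03Z alice GET /api/users/1046 200
2021-05-27T10:00:04Z alice GET /api/users/1047 200
2021-05-27T10:00:10Z bob GET /api/users/2001 200
2021-05-27T10:05:00Z bob GET /api/users/2001 200
2021-05-27T10:07:00Z carol GET /api/users/3005 200
2021-05-27T10:07:30Z carol GET /api/users/3009 200
"""

# Placeholder route pattern; replace with the real user-profile endpoint.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) GET /api/users/(?P<id>\d+) (?P<status>\d{3})$"
)

def parse(log: str):
    """Yield (user, profile_id) for successful GETs to the profile route.
    Only 200s count: on a patched system other users' profiles return
    an error, so a run of 200s across foreign IDs is the bypass in use."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("status") == "200":
            yield m.group("user"), int(m.group("id"))

def find_enumerators(log: str, min_run: int = 5) -> dict:
    """Return {user: longest run of consecutive profile IDs} for every
    user whose longest consecutive run is at least min_run. A user
    reading one or two unrelated profiles (bob, carol) is not flagged."""
    ids_by_user = defaultdict(set)
    for user, pid in parse(log):
        ids_by_user[user].add(pid)
    flagged = {}
    for user, ids in ids_by_user.items():
        longest = run = 0
        prev = None
        for pid in sorted(ids):
            run = run + 1 if prev is not None and pid == prev + 1 else 1
            longest = max(longest, run)
            prev = pid
        if longest >= min_run:
            flagged[user] = longest
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))  # {'alice': 6}
```

Tune `min_run` to the normal browsing pattern of the application; legitimate users rarely request many consecutive profile IDs in a short window.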
Discovery Credits
Mandiant, Angelo Alviar, Michael Maturi, and Troy Knutson
Disclosure Timeline
- 2021-05-27 - Issue reported to RSA Archer.
- 2022-05-01 - RSA Archer released a patch and posted a public Security Advisory.