CVE-2020-29535: RSA Archer Stored XSS
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
Watch the video to learn more about this and other important vulnerabilities.
1.2 CVSS Score
The CVSS base score of this vulnerability is 5.3 (Medium) as per MITRE; NVD has not yet rated this vulnerability. Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.3 Affected Version
Archer before 6.8 P4 (126.96.36.199)
1.4 Vulnerability Attribution
This vulnerability is reported by MITRE.
1.5 Risk Impact
Archer is a Leader in the most recent Gartner Magic Quadrant reports for IT Risk Management and IT Vendor Risk Management tools. Archer Suite empowers organizations to manage multiple dimensions of risk on one platform with on-premises and SaaS offerings, and quickly implement industry-standard processes and best practices for advanced risk management maturity, informed decision-making, and enhanced business performance.
Some of the customers using Archer are listed on this website.
No public exploit is available at the time of writing. Exploiting this vulnerability allows an attacker to store a malicious script in Archer. Another user who accesses that page would execute the malicious script and in turn become vulnerable.
1.6 Virsec Security Platform (VSP) Support:
The VSP-Web capability can detect all types of stored XSS attacks and prevent this vulnerability from being exploited.
1.7 Reference Links:
Download the full vulnerability report to learn more about this and other important vulnerabilities.