mnemonic Labs


Vulnerability discovered in RSA Archer GRC

mnemonic discovers vulnerability affecting RSA Archer GRC

Erlend Leiknes, Security Consultant at mnemonic, identified and disclosed a vulnerability that allows embedded URL redirection to untrusted sites.

The vulnerability has been given the CVE ID CVE-2018-1220 and affects RSA Archer versions prior to 6.2.0.8.

A remote attacker could potentially exploit the vulnerability to redirect genuine users to phishing websites. The redirect vulnerability was found in the QuickLinks feature. 

CVSSv3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A)

Customers are advised to upgrade to RSA Archer version 6.2.0.8. More information can be found at http://seclists.org/fulldisclosure/2018/Mar/12

Official release notes and security advisory can be found at https://community.rsa.com/docs/DOC-86356