Erlend Leiknes, Security Consultant at mnemonic, identified and disclosed a vulnerability providing embedded URL redirection to untrusted sites.
The vulnerability has been given the CVE ID CVE-2018-1220 and affects RSA Archer versions prior to 184.108.40.206.
A remote attacker could potentially exploit the vulnerability to redirect genuine users to phishing websites. The redirect vulnerability was found in the QuickLinks feature.
CVSSv3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A)
Customers are recommended to upgrade to RSA Archer version 220.127.116.11. More information can be found at http://seclists.org/fulldisclosure/2018/Mar/12
Official release notes and security advisory can be found at https://community.rsa.com/docs/DOC-86356