Vulnerability discovered in RSA Archer GRC

mnemonic discovers vulnerability affecting RSA Archer GRC

Erlend Leiknes, Security Consultant at mnemonic, identified and disclosed a vulnerability that allows embedded URL redirection to untrusted sites.

The vulnerability has been given the CVE ID CVE-2018-1220 and affects RSA Archer versions prior to

A remote attacker could potentially exploit the vulnerability to redirect genuine users to phishing websites. The redirect vulnerability was found in the QuickLinks feature. 

CVSSv3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A)


Customers are recommended to upgrade to RSA Archer version More information can be found at 

Official release notes and security advisory can be found at