Skrevet av:

Erlend Leiknes, Security Consultant at mnemonic, identified and disclosed a vulnerability providing embedded URL redirection to untrusted sites.

The vulnerability has been given the CVE ID CVE-2018-1220 and affects RSA Archer versions prior to 6.2.0.8.

A remote attacker could potentially exploit the vulnerability to redirect genuine users to phishing websites. The redirect vulnerability was found in the QuickLinks feature. 

CVSSv3 Base Score: 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A)

 

Customers are recommended to upgrade to RSA Archer version 6.2.0.8. More information can be found at http://seclists.org/fulldisclosure/2018/Mar/12 

Official release notes and security advisory can be found at https://community.rsa.com/docs/DOC-86356