{ "id": "CVE-2020-5337", "sourceIdentifier": "security_alert@emc.com", "published": "2020-05-04T19:15:13.657", "lastModified": "2024-11-21T05:33:56.337", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." }, { "lang": "es", "value": "RSA Archer, versiones anteriores a la versi\u00f3n 6.7 P1 (6.7.0.1), contienen una vulnerabilidad de redireccionamiento de URL. Un atacante remoto no autenticado podr\u00eda explotar potencialmente esta vulnerabilidad para redireccionar a los usuarios de la aplicaci\u00f3n hacia unas URL web arbitrarias para enga\u00f1ar a los usuarios v\u00edctimas para que hagan clic sobre enlaces dise\u00f1ados maliciosamente. La vulnerabilidad podr\u00eda ser usada para llevar a cabo ataques de phishing que causan que los usuarios visiten sitios maliciosos sin saberlo." } ], "metrics": { "cvssMetricV31": [ { "source": "security_alert@emc.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.1, "impactScore": 2.5 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "security_alert@emc.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-601" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-601" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.7.0.1", "matchCriteriaId": "0A327446-3359-42E5-9BA3-957CC0866AD3" } ] } ] } ], "references": [ { "url": "https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities", "source": "security_alert@emc.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }