CVE-2019-3758

CRITICAL

RSA Archer <6.6.0.2 - Auth Bypass

Title source: llm

Description

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.

References (1)

[Vendor Advisory] https://community.rsa.com/docs/DOC-106759

Scores

CVSS v3 9.8

EPSS 0.0047

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-521 CWE-288

Status published

Products (1)

rsa/archer < 6.6.0.2

Published Sep 18, 2019

Tracked Since Feb 18, 2026