CVE-2019-3758

CRITICAL

RSA Archer < 6.6.0.2 - Unauthenticated Authentication Bypass via Weak Password Requirements

Title source: llm
STIX 2.1

Description

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://community.rsa.com/docs/DOC-106759

Scores

CVSS v3 9.8
EPSS 0.0146
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-521 CWE-288
Status published
Products (1)
rsa/archer < 6.6.0.2
Published Sep 18, 2019
Tracked Since Feb 18, 2026