CVE-2020-5331

HIGH

RSA Archer < 6.7.0.3 - Information Disclosure

Title source: rule

Description

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.

References (1)

[Vendor Advisory] https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities

Scores

CVSS v3 8.8

EPSS 0.0017

EPSS Percentile 37.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-200 CWE-598

Status published

Products (1)

rsa/archer < 6.7.0.3

Published May 04, 2020

Tracked Since Feb 18, 2026