CVE-2020-5337
MEDIUMRSA Archer < 6.7.0.1 - Unauthenticated Open Redirect via Malicious Link
Title source: llmDescription
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.dell.com/support/security/en-us/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities
Scores
CVSS v3
4.6
EPSS
0.0075
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
rsa/archer
< 6.7.0.1
Published
May 04, 2020
Tracked Since
Feb 18, 2026