Lucene search

MitreCVELIST:CVE-2022-26948

HistoryMar 29, 2022 - 11:33 p.m.

CVE-2022-26948

2022-03-2923:33:12

mitre

www.cve.org

archer

rss feed

integration

insecure credential storage

vulnerability

malicious attacker

credential information

further attacks

CVSS3

5.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:H

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

52.5%

JSON

The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.

References

www.archerirm.community/t5/general-support-information/tkb-p/information-support

www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497

CVSS3

5.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:H

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

52.5%

JSON

Related for CVELIST:CVE-2022-26948