Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-29253

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.

Published

2021-05-26T04:15:09.260

Last Modified

2024-11-21T06:00:53.517

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.1 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rsa	archer	< 6.6.0.8	Yes
Application	rsa	archer	< 6.7.0.8	Yes
Application	rsa	archer	< 6.8.0.5	Yes
Application	rsa	archer	< 6.9.0.2	Yes

References

https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223 Vendor Advisory ([email protected])
https://www.rsa.com/en-us/company/vulnerability-response-policy Vendor Advisory ([email protected])
https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.rsa.com/en-us/company/vulnerability-response-policy Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)