Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RSA Archer 安全漏洞
Vulnerability Description
RSA Archer是英国RSA公司的一款企业IT治理和合规治理的产品,包括策略、风险和合规定义和管理。它能够把我们所有的企业资产,还有一些监测到的信息全部汇总,整理到统一的平台之上,给出具有业务层面参考的价值,以及一些操作的智能和综合的管理。 RSA Archer 6.9.SP1 P3版本存在安全漏洞,该漏洞源于绕过/api/V2/internal/TaskPermissions/CheckTaskAccess端点拦截API请求。如果这个请求的参数被替换为空字段,攻击者就可以利用该漏洞访问被排除的功能。
CVSS Information
N/A
Vulnerability Type
N/A