PT-2020-18410 · RSA · RSA Archer

Published: 2020-05-04 · Updated: 2020-05-07 · CVE-2020-5335

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RSA Archer versions prior to 6.7 P2 (6.7.0.2)

Description: A remote, unauthenticated attacker could potentially exploit this cross-site request forgery (CSRF) vulnerability by tricking an authenticated application user into sending arbitrary requests to the vulnerable application. The resulting server operations would be performed with the privileges of the victim user.

Recommendations: For versions prior to 6.7 P2 (6.7.0.2), update to version 6.7 P2 (6.7.0.2) or later to resolve the issue. As a temporary workaround, consider additional security measures against cross-site request forgery, such as validating that state-changing user requests genuinely originate from the application and ensuring that proper authentication and authorization mechanisms are in place.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2020-5335

Affected Products: RSA Archer