PT-2021-11688 · RSA · Archery

Published: 2021-01-29 · Updated: 2021-02-03 · CVE-2020-29537

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Archer versions prior to 6.8 P2 (6.8.0.2)
Description: The issue allows a remote privileged attacker to potentially redirect legitimate users to arbitrary web sites, facilitating phishing attacks. This could lead to the theft of victims' credentials, enabling silent authentication to the Archer application without the victims' knowledge.
Recommendations: For versions prior to 6.8 P2 (6.8.0.2), update to version 6.8 P2 (6.8.0.2) or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features that may be exploited through the open redirect vulnerability.
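For the weakness class this advisory describes, the following is an added example (not Archer's code and not taken from the advisory) that contrasts the redirect-handling pattern behind an open redirect with a validated version that only follows site-relative paths or absolute URLs on an allow-listed host; the host name archer.example.com, the fallback landing page and the sample targets are constructed for the example.

```python
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Constructed values for this example: the application's own host name and a
# fallback landing page. Neither comes from the advisory.
ALLOWED_HOSTS = {"archer.example.com"}
DEFAULT_PATH = "/Default.aspx"

def unsafe_redirect_target(requested: Optional[str]) -> str:
    """The open-redirect pattern: trust the caller-supplied target as-is."""
    return requested or DEFAULT_PATH

def safe_redirect_target(requested: Optional[str],
                         allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                         default: str = DEFAULT_PATH) -> str:
    """Return `requested` only if it stays on this application, else `default`."""
    if not requested:
        return default
    target = requested.strip()
    # Embedded whitespace/control characters can smuggle a scheme or host past
    # naive checks and confuse browsers; refuse them outright.
    if any(ch <= " " or ch == "\x7f" for ch in target):
        return default
    # Browsers treat "\" like "/", so "/\evil.example" is really the
    # protocol-relative "//evil.example". Normalise before parsing.
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme:
        # Only web schemes, and only with an explicit host: browsers fix up
        # "http:/evil.example" into "http://evil.example", so a scheme
        # without a netloc is rejected rather than treated as a path.
        if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
            return default
    if parts.netloc:
        # Absolute or protocol-relative URL: the host must be one of ours.
        # .hostname drops port and userinfo, so "https://ours@evil.example/"
        # is judged by "evil.example", not by the "ours" prefix.
        host = (parts.hostname or "").lower()
        return target if host in {h.lower() for h in allowed_hosts} else default
    # No host: insist on a site-relative path with exactly one leading "/".
    if not target.startswith("/") or target.startswith("//"):
        return default
    return target

if __name__ == "__main__":
    for sample in ("/Dashboard.aspx?tab=1", "//evil.example/", "/\\evil.example",
                   "http:/evil.example", "javascript:alert(1)",
                   "https://archer.example.com/Home", "https://evil.example/"):
        print(f"{sample!r:36} -> {safe_redirect_target(sample)}")
```

The validator deliberately falls back to a fixed landing page on any doubt rather than trying to "repair" a suspicious target, which is the behaviour a post-login return-URL handler should have.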

Fix

Weakness Enumeration: Open Redirect

Related Identifiers: CVE-2020-29537

Affected Products: Archery