PT-2022-11436 · Rsa · Rsa Archer

Published: 2022-03-29 · Updated: 2022-04-06 · CVE-2021-41594

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: RSA Archer version 6.9.SP1 P3

Description: The issue allows an attacker to bypass precluded application functions by intercepting the API request to the "/api/V2/internal/TaskPermissions/CheckTaskAccess" endpoint. If the parameters of this request are replaced with empty fields, the attacker can gain access to the precluded functions.

Recommendations: For RSA Archer version 6.9.SP1 P3, as a temporary workaround, consider restricting access to the "/api/V2/internal/TaskPermissions/CheckTaskAccess" endpoint until a patch is available. Additionally, ensure that all API requests are properly validated so that missing or empty parameters are rejected rather than treated as "no restriction". At the moment, there is no information about a newer version that contains a fix for this vulnerability.
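The failure mode described above, as an added illustration that is not RSA Archer code: a permission check that falls into its "no restriction found" branch when the task parameter is blank, beside a fail-closed version, plus a log check that flags requests to the advisory's endpoint carrying empty parameter values. The ACL, parameter names (taskId, userId) and log format are constructed for the example.

```python
from typing import Dict, List, Optional, Set

ENDPOINT = "/api/V2/internal/TaskPermissions/CheckTaskAccess"

# Constructed sample ACL: task id -> users allowed to perform the task.
TASK_ACL: Dict[str, Set[str]] = {"task-42": {"alice"}, "task-7": {"bob"}}


def check_task_access_weak(user: str, task_id: str) -> bool:
    """Weak pattern: a task id that matches nothing in the ACL is treated as
    unrestricted, so a blank task id lands in the fail-open branch."""
    if task_id not in TASK_ACL:
        return True  # fails open on unknown or empty task id
    return user in TASK_ACL[task_id]


def check_task_access_hardened(user: Optional[str], task_id: Optional[str]) -> bool:
    """Hardened pattern: blank or missing inputs are rejected before any lookup,
    and an unknown task is denied rather than assumed unrestricted."""
    if not (user and user.strip() and task_id and task_id.strip()):
        return False
    allowed = TASK_ACL.get(task_id.strip())
    return allowed is not None and user.strip() in allowed


def flag_blank_param_requests(log_lines: List[str]) -> List[str]:
    """Detection: return log lines for ENDPOINT where any key=value parameter
    has an empty value. Constructed log format:
    '<timestamp> <user> <method> <path> key=value ...'."""
    flagged = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4 or fields[3] != ENDPOINT:
            continue
        params = dict(f.split("=", 1) for f in fields[4:] if "=" in f)
        if any(value == "" for value in params.values()):
            flagged.append(line)
    return flagged


# Constructed sample log lines: one normal call, one with blanked parameters,
# one for an unrelated path that must not be flagged.
SAMPLE_LOG = [
    "2022-03-29T10:00:01Z alice POST " + ENDPOINT + " taskId=task-42 userId=alice",
    "2022-03-29T10:00:02Z mallory POST " + ENDPOINT + " taskId= userId=",
    "2022-03-29T10:00:03Z bob GET /api/V2/internal/Other taskId=",
]

if __name__ == "__main__":
    print(check_task_access_weak("mallory", ""))      # True: blank id bypasses
    print(check_task_access_hardened("mallory", ""))  # False: fails closed
    print(flag_blank_param_requests(SAMPLE_LOG))      # only the second line
```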
Related Identifiers: CVE-2021-41594

Affected Products: Rsa Archer