PT-2022-18134 · Rsa · Archery

Published

2022-03-29

Updated

2022-04-06

CVE-2022-26948

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Archer versions 6.x through 6.9 SP1 (6.9.1.0)

Description The Archer RSS feed integration is affected by an insecure credential storage issue. A malicious attacker may obtain access to credential information to use it in further attacks.

Recommendations For versions 6.x through 6.9 SP1 (6.9.1.0), consider disabling the RSS feed integration until a patch is available to prevent potential exploitation of the insecure credential storage vulnerability.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2022-26948

Affected Products

Archery

PT-2022-18134 · Rsa · Archery

CVE-2022-26948

Weakness Enumeration

Related Identifiers

Affected Products

References · 6