CVE-2022-26950

Name of the Vulnerable Software and Affected Versions Archer versions 6.x through 6.9 P2 (6.9.0.2)

Description The issue allows a remote unprivileged attacker to potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.

Recommendations For versions 6.x through 6.9 P2 (6.9.0.2), consider restricting access to sensitive features until a patch is available. As a temporary workaround, consider implementing additional authentication steps to minimize the risk of silent authentication. Avoid using the Archer application for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.