1. Introduction
EMC RSA Archer versions prior to 6.7.0.3 (6.7 P3) or 6.6.0.6 are affected by multiple vulnerabilities, including cross-site scripting (XSS) and cross-site request forgery (CSRF). These flaws could allow an attacker to execute script in a user’s browser or perform actions on that user’s behalf without their knowledge. Because Archer is used for governance, risk, and compliance (GRC) management, a successful exploit could compromise the confidentiality and integrity of sensitive data held in the application, and potentially its availability.
2. Technical Explanation
The vulnerabilities stem from insufficient validation and encoding of user-controlled input, and from missing cross-site request forgery protection, in older versions of EMC RSA Archer. An unauthenticated attacker can supply malicious HTML or JavaScript that the application reflects into the DOM, leading to XSS. Separately, an attacker can cause an authenticated user’s browser to send arbitrary requests to the application, which are then carried out as that user (CSRF). Both attacks require a victim who is logged in to visit a specially crafted web page or click a malicious link.
- Root cause: user-controlled data is placed into pages without proper sanitization or output encoding, and state-changing requests are accepted without an anti-CSRF token or equivalent origin check.
- Exploit mechanism: for XSS, the attacker crafts a URL whose parameter carries script; when the victim opens it, the application reflects the payload into the page and the browser executes it in the victim’s session. For CSRF, the attacker hosts a page that makes the victim’s browser submit a forged request (for example an auto-submitting form); the browser attaches the victim’s session cookie, so the application treats the request as if the user had made it.
- Scope: EMC RSA Archer 6.5.0.7 and earlier, 6.6 releases before 6.6.0.6, and 6.7 releases before 6.7.0.3 (6.7 P3) are affected.
3. Detection and Assessment
You can confirm exposure by checking the installed version of RSA Archer against the fixed versions. A fuller assessment uses a web application scanner to test for XSS and CSRF, followed by manual verification of anything it reports.
- Quick checks: read the version number from the ‘About’ section of the RSA Archer web interface and compare it with the fixed builds (6.6.0.6 for the 6.6 branch, 6.7.0.3 for the 6.7 branch).
- Scanning: Nessus can flag an affected version, and Burp Suite or OWASP ZAP can actively test for reflected XSS and for state-changing requests that lack anti-CSRF tokens (the relevant identifiers are CVE-2020-5334 and CVE-2020-5335). These are examples only; scanner results should always be verified manually.
- Logs and evidence: Examine web server logs for suspicious requests containing JavaScript code or unexpected parameters. Look for patterns indicative of XSS attempts (e.g., `