CVE-2018-11060 : What You Need to Know

Learn about CVE-2018-11060, a high-severity vulnerability in RSA Archer versions prior to 6.4.0.1, allowing unauthorized access and privilege escalation via the REST API. Find mitigation steps and best practices for enhanced security.

This CVE-2018-11060 article provides insights into a vulnerability in RSA Archer versions prior to 6.4.0.1, allowing an authorization bypass through the REST API.

Understanding CVE-2018-11060

This CVE involves a security flaw in RSA Archer that could be exploited by a remote authenticated attacker to gain elevated privileges.

What is CVE-2018-11060?

The vulnerability in RSA Archer versions older than 6.4.0.1 enables a malicious user to bypass authorization via the REST API, potentially leading to unauthorized access and privilege escalation.

The Impact of CVE-2018-11060

The vulnerability poses a high risk with a CVSS base score of 8.8, indicating a significant impact on confidentiality, integrity, and availability of affected systems.

Technical Details of CVE-2018-11060

This section delves into the specifics of the vulnerability.

Vulnerability Description

RSA Archer versions prior to 6.4.0.1 contain a flaw in the REST API that allows a remote authenticated attacker to bypass authorization, potentially leading to privilege escalation.

Affected Systems and Versions

        Product: RSA Archer
        Vendor: Dell EMC
        Versions Affected: all versions prior to 6.4.0.1

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: Low
        User Interaction: None
        Scope: Unchanged
        Confidentiality, Integrity, and Availability Impact: High

Mitigation and Prevention

Protecting systems from CVE-2018-11060 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update RSA Archer to version 6.4.0.1 or newer to mitigate the vulnerability.
        Monitor and restrict access to the REST API to authorized users only.

Long-Term Security Practices

        Regularly review and update access controls and user privileges.
        Conduct security assessments and penetration testing to identify and address vulnerabilities.

Patching and Updates

        Apply security patches and updates provided by Dell EMC to address the vulnerability in RSA Archer.
