{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-29T06:32:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.rsa.com/docs/DOC-115223"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.rsa.com/en-us/company/vulnerability-response-policy", "refsource": "MISC", "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"name": "https://community.rsa.com/docs/DOC-115223", "refsource": "CONFIRM", "url": "https://community.rsa.com/docs/DOC-115223"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:55:10.305Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://community.rsa.com/docs/DOC-115223"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29535", "datePublished": "2021-01-29T06:32:39", "dateReserved": "2020-12-03T00:00:00", "dateUpdated": "2024-08-04T16:55:10.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D2F9FD3-9AE0-4C22-8983-122137A37E3C", "versionEndExcluding": "6.6.0.8", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D6A7FD0-CF21-4B3D-8E75-A9E602DA6E80", "versionEndExcluding": "6.7.0.8", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCFDCA11-635C-4362-9333-20496E12395E", "versionEndExcluding": "6.8.0.5", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "C60065A5-5D15-4068-885A-E8623791BE3E", "versionEndExcluding": "6.9.0.1", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."}, {"lang": "es", "value": "Archer versiones anteriores a 6.8 P4 (6.8.0.4), contiene una vulnerabilidad de tipo XSS almacenado. Un usuario de Archer malicioso autenticado remoto podr\u00eda explotar esta vulnerabilidad para almacenar c\u00f3digo HTML o JavaScript malicioso en un almac\u00e9n confiable de datos de aplicaci\u00f3n. Cuando los usuarios de la aplicaci\u00f3n acceden al almac\u00e9n de datos corrupto por medio de sus navegadores, el c\u00f3digo malicioso es ejecutado por el navegador web en el contexto de la aplicaci\u00f3n web vulnerable"}], "id": "CVE-2020-29535", "lastModified": "2024-11-21T05:24:09.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-29T07:15:17.450", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.rsa.com/docs/DOC-115223"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.rsa.com/docs/DOC-115223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}