CVE-2021-29253 - OpenCVE

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rsa	Archer

Configuration 1 [-]

OR	cpe:2.3:a:rsa:archer::::::::
	cpe:2.3:a:rsa:archer::::::::
	cpe:2.3:a:rsa:archer::::::::
	cpe:2.3:a:rsa:archer::::::::

No data.

References

Link	Providers
https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223
https://www.rsa.com/en-us/company/vulnerability-response-policy

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-26T03:57:50

Updated: 2024-08-03T22:02:51.222Z

Reserved: 2021-03-26T00:00:00

Link: CVE-2021-29253

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-26T04:15:09.260

Modified: 2021-06-04T17:36:54.833

Link: CVE-2021-29253

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:N/PR:N/S:U/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-26T03:57:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29253", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:N/PR:N/S:U/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.rsa.com/en-us/company/vulnerability-response-policy", "refsource": "MISC", "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"name": "https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223", "refsource": "CONFIRM", "url": "https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:02:51.222Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29253", "datePublished": "2021-05-26T03:57:50", "dateReserved": "2021-03-26T00:00:00", "dateUpdated": "2024-08-03T22:02:51.222Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC7F0829-9814-43F2-B43A-347EF6FA5614", "versionEndExcluding": "6.6.0.8", "versionStartIncluding": "6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D6A7FD0-CF21-4B3D-8E75-A9E602DA6E80", "versionEndExcluding": "6.7.0.8", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCFDCA11-635C-4362-9333-20496E12395E", "versionEndExcluding": "6.8.0.5", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "284AC9E9-E98F-44C9-AA0D-005BEB5EF4F2", "versionEndExcluding": "6.9.0.2", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks."}, {"lang": "es", "value": "La integraci\u00f3n de Tableau en RSA Archer versiones 6.4 P1 (6.4.0.1) hasta 6.9 P2 (6.9.0.2) est\u00e1 afectada por una vulnerabilidad de almacenamiento de credenciales no segura. Un atacante malicioso con acceso al archivo de Tableau workbook puede conseguir acceso a la informaci\u00f3n de las credenciales para usarla en futuros ataques"}], "id": "CVE-2021-29253", "lastModified": "2021-06-04T17:36:54.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2021-05-26T04:15:09.260", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}