Platform Announcements
Review announcements about Archer product releases

Articles

Archer Special Advisory: MOVEit Transfer

Special advisories relate to CVEs with broad industry interest even when we know our products and platforms are not affected. Applies To MOVEit Transfer Publications: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31M...

MegONeil by Archer Employee

Archer Security Advisory: Okta Breach

Archer Identifier SA-4 Applies To Okta Publication: https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ Details Archer utilizes Okta for internal corporate SSO and has been developing (but has not yet deployed) Okta use relative to it...

MegONeil by Archer Employee

Special advisories relate to CVEs with broad industry interest even when we know our products and platforms are not affected.

Applies To
MOVEit Transfer Publications: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

CVE Details:
https://nvd.nist.gov/vuln/detail/CVE-2023-34362
https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
https://nvd.nist.gov/vuln/detail/CVE-2024-5806

Details
Archer is aware of the MOVEit Transfer Vulnerabilities (CVE-2023-34362) disclosed on June 2, 2023 and (CVE-2024-5806) disclosed in June 2024.

The following components are not affected:
  • Archer Application
  • Archer SaaS and Archer Hosted
  • Archer Engage for Vendors
  • Archer Engage
  • Archer Regulatory Content Analysis
  • Archer Insight

Archer does not use MOVEit MFT.

Legal Information
Read and use the information in this Archer Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Archer Technical Support. Archer distributes Archer Security Advisories in order to bring to the attention of users of the affected Archer products, important security information. Archer recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Archer disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Archer, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Archer, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Special advisories relate to CVEs with broad industry interest even when we know our products and platforms are not affected.

Applies To
Commons.Apache.org Publication: https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

CVE Details:
CVE-2022-42889

Details
Archer is aware of the Apache Commons Text Vulnerability (CVE-2022-42889) disclosed on October 13, 2022.

The following components are not affected:
  • Archer Application
  • Archer SaaS and Archer Hosted
  • Archer Engage for Vendors
  • Archer Engage
  • Archer Regulatory Content Analysis
  • Archer Insight

Legal Information
Read and use the information in this Archer Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Archer Technical Support. Archer distributes Archer Security Advisories in order to bring to the attention of users of the affected Archer products, important security information. Archer recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Archer disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Archer, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Archer, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Archer Identifier
SA-4

Applies To
Okta Publication: https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/

Details
Archer utilizes Okta for internal corporate SSO and has been developing (but has not yet deployed) Okta use relative to its cloud-based offerings such as Archer Hosting Services, Archer SaaS, and Archer Engage.

Per the above-linked Okta Publication published on March 22, 2022, Okta has “concluded that a small percentage of customers – approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon. [It has] identified those customers and already reached out directly by email.” Archer has received no such communication from Okta and will continue the heightened infrastructure monitoring that was already in progress due to current world events.

March 25, 2022 Update: Archer received a communication from Okta the evening of March 24 which read, "We analyzed more than 125,000 log entries to ascertain what actions were performed by Sitel during the relevant period. Based on this analysis, we have concluded that RSA Archer was not impacted."

Next Steps
Archer will continue to monitor for the latest indicators of compromise (IOCs), including uses of Okta by Archer. This page will be updated with relevant information as Archer reasonably deems necessary. Customers of Archer cloud-based offerings who rely on their own Okta deployments are strongly encouraged to appropriately monitor their Okta implementations. Please check back regularly for more information or direct specific concerns to your Archer Account Manager and/or Archer Technical Support representative.

Legal Information
Read and use the information in this Archer Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Archer Technical Support. Archer distributes Archer Security Advisories in order to bring to the attention of users of the affected Archer products, important security information. Archer recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Archer disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Archer, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Archer, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Article Number
000036619

CVE ID
CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

Article Summary
RSA is aware of a recently disclosed class of CPU speculative execution vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) known collectively as "L1 Terminal Fault" (L1TF) that affect Intel microprocessors. For more information on these vulnerabilities, please review the security advisory posted by Intel.

RSA is investigating the impact of these vulnerabilities on our products and we are working with Intel and other industry partners to mitigate these vulnerabilities. Mitigation steps may vary by product and may include updates to firmware, operating system, and hypervisor components.

RSA recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

Link to Advisories
  • Intel: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
  • Microsoft: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018
  • RedHat: https://access.redhat.com/security/vulnerabilities/L1TF
  • SuSe: https://www.suse.com/c/suse-addresses-the-l1-terminal-fault-issue/
  • Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
  • VMWare: https://kb.vmware.com/kb/55636

Resolution

| RSA Product Name | Versions | Impact Status | Details | Last Updated |
|---|---|---|---|---|
| 3D Secure / Adaptive Authentication eCommerce | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| Access Manager | 6.2 | No direct impact | See Note 1. | 2018-08-14 |
| Adaptive Authentication Cloud | Current Hosted Environment | No additional security risk | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. | 2018-08-15 |
| Adaptive Authentication Hosted | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| Adaptive Authentication On-Prem | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| Archer Hosted (US) | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| Archer Hosted (EMEA) | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| Archer Platform | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| Archer Security Operations Management (SecOps) | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| Archer Vulnerability & Risk Manager (VRM) - Hardware Appliance | All Supported | No additional security risk | See Note 3. | 2018-08-14 |
| Archer Vulnerability & Risk Manager (VRM) - Virtual Appliance | All Supported | No additional security risk | See Note 3. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. | 2018-08-14 |
| Authentication Manager (Hardware Appliance - Dell PowerEdge & Intel platforms) | All Supported | No additional security risk | See Note 3. | 2018-08-14 |
| Authentication Manager (Virtual Appliance) | All Supported | No additional security risk | See Note 3. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. | 2018-08-14 |
| Authentication Manager Web Tier | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| BSAFE C Products: MES, Crypto-C ME, SSL-C | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| BSAFE Java Products: Cert-J, Crypto-J, SSL-J | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| Data Loss Prevention (Hardware Appliance) | All Supported | Impacted | Remediation plan in progress. | 2018-08-14 |
| Data Loss Prevention (Virtual Appliance) | All Supported | Impacted | Remediation plan in progress. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. | 2018-08-14 |
| Data Protection Manager (Software) | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| Data Protection Manager (Hardware Appliance) | All Supported | Impacted - Remediated | RSA Data Protection Manager 3.5.2.7 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-189. | 2018-10-02 |
| Data Protection Manager (Virtual Appliance) | All Supported | Impacted - Remediated | RSA Data Protection Manager 3.5.2.7 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-189. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. | 2018-10-02 |
| DCS: Certificate Manager | 6.9 | No direct impact | See Note 1. | 2018-08-14 |
| DCS: Validation Manager | 3.2 | No direct impact | See Note 1. | 2018-08-14 |
| eFraudNetwork (eFN) | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| enVision | EOL | | The product has reached End of Life. | 2018-08-14 |
| Federated Identity Manager | 4.2 | No direct impact | See Note 1. | 2018-08-14 |
| FraudAction (OTMS) | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| Identity Governance & Lifecycle (Software), Via Lifecycle & Governance (Software), Identity Management & Governance (Software) | 7.1, 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 | No direct impact | See Note 1. | 2018-08-14 |
| Identity Governance & Lifecycle (Hardware Appliance), Via Lifecycle & Governance (Hardware Appliance), Identity Management & Governance (Hardware Appliance) | 7.1, 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 | Impacted - Remediated | Refer to the security advisory DSA-2018-202. Any Remote Agents or Remote AFX deployed in customer environment are a software product only and have no direct impact. See Note 1. | 2018-10-26 |
| Identity Governance & Lifecycle (Virtual Application) | 7.1 | Impacted - Remediated | Refer to the security advisory DSA-2018-202. Customers are strongly advised to also patch the virtual host environment where the product is deployed for full protection. Any Remote Agents or Remote AFX deployed in customer environment are a software product only and have no direct impact. See Note 1. | 2018-10-26 |
| Identity Governance & Lifecycle SaaS / MyAccessLive | | Under investigation | Any Remote Agents or Remote AFX deployed in customer environment are a software product only and have no direct impact. See Note 1. | 2018-08-14 |
| NetWitness Endpoint (ECAT) | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| NetWitness Logs & Packets / Security Analytics (Hardware Appliance) | All Supported | No additional security risk | See Note 3. | 2018-08-14 |
| NetWitness Logs & Packets / Security Analytics (Virtual Appliance) | All Supported | No additional security risk | See Note 3. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. | 2018-08-14 |
| NetWitness Logs & Packets / Security Analytics - Legacy Windows Collector | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| NetWitness Live Infrastructure | Current Hosted Environment | No additional security risk | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. | 2018-08-15 |
| RSA Authentication Client (RAC) | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| RSA Central | Current Hosted Environment | No additional security risk | See Note 2. | 2018-08-14 |
| SecurID Access Cloud Service | Current Hosted Environment | No additional security risk | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. | 2018-08-15 |
| SecurID Access IDR VM | All Supported | No additional security risk | See Note 2. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. | 2018-08-14 |
| SecurID Agent for PAM | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Agent for Web | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Agent for Windows | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Authenticate App for Android | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Authenticate App for iOS | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Authenticate App for Windows 10 | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Authentication Engine | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Authentication SDK | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token Converter | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token for Android | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token for Blackberry | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token for Desktop | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token for iPhone | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token for Windows Mobile | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token Toolbar | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Software Token Web SDK | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SecurID Transaction Signing SDK | All Supported | No direct impact | See Note 1. | 2018-08-14 |
| SYN | Current Hosted Environment | No additional security risk | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. | 2018-08-15 |
| Web Threat Detection | All Supported | No direct impact | See Note 1. | 2018-08-14 |

Note 1: It is a software product only. Reported vulnerabilities are best mitigated via firmware and operating system updates. Customers are strongly advised to patch their host systems where the product is installed.

Note 2: To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product.

Note 3: To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect the access of highly privileged accounts are followed.

Disclaimer
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell EMC, distributes RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA, its affiliates or suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Article Number
000036587

CVE ID
CVE-2017-1000048, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1273, CVE-2018-1274, CVE-2015-9251

Applies To
RSA Product Set: Archer
RSA Product/Service Type: Archer
RSA Version/Condition: 6.4 SP1

Article Summary
CVE ID: The Common Vulnerabilities and Exposures Identifiers (CVE IDs) are listed in the table below.

Issue Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell EMC RSA Archer 6.4 SP1, but which may be flagged by security scanners.

Link to Advisories: Each CVE ID listed can be searched using the following link: https://web.nvd.nist.gov/view/vuln/search. Once there, you can search for each CVE ID referenced in this article for more details.

Impact Details: The vulnerabilities listed in the table below are in order by the date on which RSA Archer Engineering determined that RSA Archer 6.4 SP1 was not vulnerable.

| CVE ID | Summary of Vulnerability | Reason Product is Not Vulnerable | Date Determined False Positive |
|---|---|---|---|
| CVE-2017-1000048 | ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a denial-of-service (DoS). | Component version used is higher than the impacted version. | June 13, 2018 |
| CVE-2018-1270 | Spring Framework is vulnerable to remote code execution (RCE) due to lack of proper validation of user-supplied input. | GemFire caching does not leverage the vulnerable component. | June 13, 2018 |
| CVE-2018-1271 | Spring Framework is vulnerable to directory traversal due to the way static content can be loaded. | GemFire does not serve files from the file system. | June 19, 2018 |
| CVE-2018-1272 | Spring Framework is vulnerable to privilege escalation due to insufficient validation of user-supplied input. | GemFire caching does not leverage the vulnerable component. | June 17, 2018 |
| CVE-2018-1273 | Spring Data Commons contains a property binder vulnerability caused by improper neutralization of special elements. | GemFire is not shipped with the vulnerable component. | June 29, 2018 |
| CVE-2018-1274 | Spring Data Commons is vulnerable to denial-of-service (DoS) because it does not check for lengthy path names. | GemFire is not shipped with the vulnerable component. | June 29, 2018 |
| CVE-2015-9251 | Library is vulnerable to cross-site scripting (XSS) attack caused by a lack of user input sanitization. | Local help system is not leveraged by web server component involving user session and user input. | July 5, 2018 |

Link to Advisories
https://web.nvd.nist.gov/view/vuln/search

Alert Impact
Not Exploitable

Disclaimer
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell EMC, distributes RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA, its affiliates or suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.