EMC RSA Archer < 6.5.0.7, < 6.6.0.6 and < 6.7.0.2 Multiple Vulnerabilities

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(139750);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/05/28");

  script_cve_id("CVE-2020-5334", "CVE-2020-5335");
  script_xref(name:"IAVA", value:"2020-A-0187-S");

  script_name(english:"EMC RSA Archer < 6.5.0.7, < 6.6.0.6 and < 6.7.0.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 (6.7 P3) or 6.6 P6 (6.6.0.6). It is,
therefore, affected by multiple vulnerabilities:

  - RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a Document Object Model (DOM) based cross-site
    scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking
    a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The
    malicious code is then executed by the web browser in the context of the vulnerable web application (CVE-2020-5334).

  - RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote
    unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user
    to send arbitrary requests to the vulnerable application to perform server operations with the privileges of
    the authenticated victim user (CVE-2020-5335).");
  # https://www.dell.com/support/security/en-ie/details/DOC-111112/DSA-2020-049-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9524eeb5");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5335");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:rsa_archer_egrc");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("emc_rsa_archer_detect.nbin");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}


include('http.inc');
include('vcf.inc');

app_name = 'EMC RSA Archer';
port = get_http_port(default:80);

app_info = vcf::get_app_info(app:app_name, webapp:TRUE, port:port);

constraints = [
  {'min_version' : '6.5.0', 'fixed_version' : '6.5.0.7', 'fixed_display' : '6.5 P7 (6.5.0.7)'},
  {'min_version' : '6.6.0', 'fixed_version' : '6.6.0.6', 'fixed_display' : '6.6 P6 (6.6.0.6)'},
  {'min_version' : '6.7.0', 'fixed_version' : '6.7.0.2', 'fixed_display' : '6.7 P2 (6.7.0.2)'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);