EMC RSA Archer 6.6 < 6.6 P8 / 6.7 < 6.7 P8 / 6.8 < 6.8 P5 / 6.9 < 6.9 P2 Insecure Credential Storage

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');

include('compat.inc');

if (description)
{
  script_id(150048);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/07");

  script_cve_id("CVE-2021-29253");
  script_xref(name:"IAVA", value:"2021-A-0256");

  script_name(english:"EMC RSA Archer 6.6 < 6.6 P8 / 6.7 < 6.7 P8 / 6.8 < 6.8 P5 / 6.9 < 6.9 P2 Insecure Credential Storage");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by an insecure credential storage vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of EMC RSA Archer running on the remote web server is 6.6.x prior to 6.6.0.8 (6.6 P8), 6.7.x prior to
6.7.0.8 (6.7 P8), 6.8.x prior to 6.8.0.5 (6.8 P5) or 6.9.x prior to 6.9.0.2 (6.9 P2). It is, therefore, affected by an
insecure credential storage vulnerability with Archer Tableau integration. A malicious attacker with access to the
Tableau workbook file may obtain access to credential information to use it in further attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?14589931");
  script_set_attribute(attribute:"solution", value:
"Update to 6.6 P8, 6.7 P8, 6.8 P5, 6.9 P2, or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29253");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:rsa_archer_egrc");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("emc_rsa_archer_detect.nbin");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include('http.inc');
include('vcf.inc');

var app_name = 'EMC RSA Archer';
var port = get_http_port(default:80);

var app_info = vcf::get_app_info(app:app_name, webapp:TRUE, port:port);

var constraints = [
  {'min_version' : '6.6', 'fixed_version' : '6.6.0.8', 'fixed_display' : '6.6 P8 (6.6.0.8)'},
  {'min_version' : '6.7', 'fixed_version' : '6.7.0.8', 'fixed_display' : '6.7 P8 (6.7.0.8)'},
  {'min_version' : '6.8', 'fixed_version' : '6.8.0.5', 'fixed_display' : '6.8 P5 (6.8.0.5)'},
  {'min_version' : '6.9', 'fixed_version' : '6.9.0.2', 'fixed_display' : '6.9 P2 (6.9.0.2)'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);