In RSA Archer 6.x through 6.9 SP3 (, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.

Original Article

Leave a Reply

Your email address will not be published. Required fields are marked *