{"api_version":"1","generated_at":"2026-04-23T00:40:33+00:00","cve":"CVE-2021-29253","urls":{"html":"https://cve.report/CVE-2021-29253","api":"https://cve.report/api/cve/CVE-2021-29253.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-29253","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-29253"},"summary":{"title":"CVE-2021-29253","description":"The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-05-26 04:15:00","updated_at":"2021-06-04 17:36:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223","name":"https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223","refsource":"CONFIRM","tags":[],"title":"RSA-2021-04: Archer, An RSA Business, Update for Multiple Vulnerabilities - RSA Link - 603223","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.rsa.com/en-us/company/vulnerability-response-policy","name":"https://www.rsa.com/en-us/company/vulnerability-response-policy","refsource":"MISC","tags":[],"title":"Vulnerability Response Policy","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-29253","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29253","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"29253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rsa","cpe5":"archer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-29253","qid":"730208","title":"RSA Archer Multiple Vulnerabilities (603223 AND 568059)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-29253","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.rsa.com/en-us/company/vulnerability-response-policy","refsource":"MISC","name":"https://www.rsa.com/en-us/company/vulnerability-response-policy"},{"refsource":"CONFIRM","name":"https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223","url":"https://community.rsa.com/t5/archer-product-advisories/rsa-2021-04-archer-an-rsa-business-update-for-multiple/ta-p/603223"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AC:H/AV:L/A:N/C:H/I:N/PR:N/S:U/UI:N","version":"3.1"}}},"nvd":{"publishedDate":"2021-05-26 04:15:00","lastModifiedDate":"2021-06-04 17:36:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.0.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.8.0.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.9.0.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.0.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"29253","Ordinal":"204448","Title":"CVE-2021-29253","CVE":"CVE-2021-29253","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"29253","Ordinal":"1","NoteData":"The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"29253","Ordinal":"2","NoteData":"2021-05-25","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"29253","Ordinal":"3","NoteData":"2021-05-25","Type":"Other","Title":"Modified"}]}}}