Archer Community

A vulnerability was recently discovered in Log4j, a commonly used open source logging library.   Applies To  Apache Publication: Apache Log4j Remote Code Execution  CVE-2021-44228  Details The following components are NOT affected: Archer Application *  Archer SaaS and Archer Hosted Archer Engage for Vendors Archer Engage for Business Users Archer Regulatory Content Analysis Archer Security Operations Management (SecOps) Solution *Notes for Archer Application The old GemFire caching service did make use of Log4j2 and the installer is designed to remove the folder, but if an error was encountered and skipped, it could still be present. The folder can be manually deleted. Without JRE present, it should pose no risk of exploitation. The Open-Source component list for Archer mentions Log4j2 as it relates to Elasticsearch. See below.   The following components ARE affected:  Elasticsearch join-search plugin Provided as a tool via the Archer platform installer for usage in joining Archer to the Elasticsearch cluster. Log4j2 is present on the servers as part of the plugin but poses no risk as it cannot be executed from there. It is designed for use in an Elasticsearch cluster. If you are not using Elasticsearch the plug-in can be deleted from the tools directory. Mitigation options if using Archer in an Elasticsearch cluster: Block outbound internet access from your Elasticsearch cluster Please check for any guidance issued by Elasticsearch The Archer support for Elasticsearch is being deprecated. We recommend customers apply the above mitigation and work to eliminate Archer from their Elasticsearch deployments. Next Steps We are continuing to monitor this vulnerability. As we continue to review this, Archer systems will be updated with the latest indicators of compromise (IOCs) and will continuously monitor any use of this software in our environments. This page will be updated with relevant information as Archer deems necessary. As is often the case in situations like this, as more information unfolds, additional CVEs and information are rolled out. If such additional information changes the information contained in this advisory, it will be updated. Please check back regularly for more information or direct specific concerns to your RSA Account Manager and/or RSA Technical Support representative. Legal Information Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support. RSA Security LLC and its affiliates distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and non-infringement. In no event shall RSA, its affiliates, or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates, or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Article Number 000036372 CVE ID 000036372 Article Summary RSA is aware of the side-channel vulnerabilities known as Speculative Store Bypass (CVE-2018-3639) and Rogue System Register Read (CVE-2018-3640) affecting many modern microprocessors that were published by researchers from Microsoft Security Response Center (MSRC) and Google Project Zero on 21 May 2018. An unprivileged attacker with local user access to the system could potentially exploit these vulnerabilities to read privileged memory data. For more information, please review security updates posted by Intel.   RSA is investigating the impact of these issues on our products. We will update this article regularly with impact details and mitigation steps as they become available. Mitigation steps may vary by product and may require updates to processor microcode (BIOS), Operating System (OS), Virtual Machine Manager (VMM), and other software components.   RSA recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions. Link to Advisories Intel Security Advisory INTEL-SA-00115: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html Intel Security Microsite: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html ADV180012 - Microsoft Guidance for Speculative Store Bypass for CVE-2018-3639: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 ADV180013 - Microsoft Guidance for Rogue System Register Read for CVE-2018-3640: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013 Microsoft Security Research and Defense blog: https://aka.ms/sescsrdssb Google Project Zero Blog: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 Resolution   RSA Product Name Versions Impact Status Details Last Updated 3D Secure / Adaptive Authentication eCommerce Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Access Manager 6.2 No direct impact See Note 1. 2018-05-21 Adaptive Authentication Cloud Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Adaptive Authentication Hosted Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Adaptive Authentication On-Prem All Supported No direct impact See Note 1. 2018-05-21 Archer Hosted (US) Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Archer Hosted (EMEA) Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Archer Platform All Supported No direct impact See Note 1. 2018-05-21 Archer Security Operations Management (SecOps) All Supported No direct impact See Note 1. 2018-05-21 Archer Vulnerability & Risk Manager (VRM) - Hardware Appliance All Supported No additional security risk See Note 3. 2018-05-21 Archer Vulnerability & Risk Manager (VRM) - Virtual Appliance All Supported No additional security risk See Note 3. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. 2018-05-21 Authentication Manager (Hardware Appliance - Dell PowerEdge & Intel platforms) All Supported No additional security risk See Note 3. 2018-05-21 Authentication Manager (Virtual Appliance) All Supported No additional security risk See Note 3. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. 2018-05-21 Authentication Manager Web Tier All Supported No direct impact See Note 1. 2018-05-21 BSAFE C Products: MES, Crypto-C ME, SSL-C All Supported No direct impact See Note 1. 2018-05-21 BSAFE Java Products: Cert-J, Crypto-J, SSL-J All Supported No direct impact See Note 1. 2018-05-21 Data Loss Prevention (Hardware Appliance) All Supported Impacted Remediation plan in progress. 2018-05-21 Data Loss Prevention (Virtual Appliance) All Supported Impacted Remediation plan in progress. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. 2018-05-21 Data Protection Manager (Software) All Supported No direct impact See Note 1. 2018-05-21 Data Protection Manager (Hardware Appliance) All Supported Impacted - Remediated RSA Data Protection Manager 3.5.2.7 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-189. 2018-10-02 Data Protection Manager (Virtual Appliance) All Supported Impacted - Remediated RSA Data Protection Manager 3.5.2.7 contains resolution for this issue. For more details, refer to the security advisory  DSA-2018-189. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. 2018-10-02 DCS: Certificate Manager 6.9 No direct impact See Note 1. 2018-05-21 DCS: Validation Manager 3.2 No direct impact See Note 1. 2018-05-21 eFraudNetwork (eFN) Current Hosted Environment No additional security risk See Note 2. 2018-05-30 enVision EOL   The product has reached End of Life.  2018-05-21 Federated Identity Manager 4.2 No direct impact See Note 1. 2018-05-21 FraudAction (OTMS) Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Identity Governance & Lifecycle (Software), Via Lifecycle & Governance (Software), Identity Management & Governance (Software) 7.1, 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 No direct impact See Note 1. 2018-05-21 Identity Governance & Lifecycle (Hardware Appliance), Via Lifecycle & Governance (Hardware Appliance), Identity Management & Governance (Hardware Appliance) 7.1, 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 Impacted - Remediated Refer to the Dell security advisory DSA-2018-179 for OS and BIOS updates. Any Remote Agents or Remote AFX deployed in customer environment are a software product only and have no direct impact. See Note 1. 2018-09-25 Identity Governance & Lifecycle (Virtual Application) 7.1 Impacted - Remediated Refer to the Dell security advisory DSA-2018-179 for OS updates. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. Any Remote Agents or Remote AFX deployed in customer environment are a software product only and have no direct impact. See Note 1. 2018-09-25 Identity Governance & Lifecycle SaaS / MyAccessLive   Under investigation Any Remote Agents or Remote AFX deployed in customer environment are a software product only and have no direct impact. See Note 1. 2018-05-21 NetWitness Endpoint (ECAT) All Supported No direct impact See Note 1. 2018-05-21 NetWitness Logs & Packets / Security Analytics (Hardware Appliance) All Supported No additional security risk See Note 3. 2018-05-21 NetWitness Logs & Packets / Security Analytics (Virtual Appliance) All Supported No additional security risk See Note 3. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. 2018-05-21 NetWitness Logs & Packets / Security Analytics - Legacy Windows Collector All Supported No direct impact See Note 1. 2018-05-21 NetWitness Live Infrastructure Current Hosted Environment No additional security risk See Note 2. 2018-05-30 RSA Authentication Client (RAC) All Supported No direct impact See Note 1. 2018-05-21 RSA Central Current Hosted Environment No additional security risk See Note 2. 2018-05-30 SecurID Access Cloud Service Current Hosted Environment No additional security risk See Note 2. 2018-05-30 SecurID Access IDR VM All Supported No additional security risk See Note 2. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. 2018-05-21 SecurID Agent for PAM All Supported No direct impact See Note 1. 2018-05-21 SecurID Agent for Web All Supported No direct impact See Note 1. 2018-05-21 SecurID Agent for Windows All Supported No direct impact See Note 1. 2018-05-21 SecurID Authenticate App for Android All Supported No direct impact See Note 1. 2018-05-21 SecurID Authenticate App for iOS All Supported No direct impact See Note 1. 2018-05-21 SecurID Authenticate App for Windows 10 All Supported No direct impact See Note 1. 2018-05-21 SecurID Authentication Engine All Supported No direct impact See Note 1. 2018-05-21 SecurID Authentication SDK All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token Converter All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token for Android All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token for Blackberry All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token for Desktop All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token for iPhone All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token for Windows Mobile All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token Toolbar All Supported No direct impact See Note 1. 2018-05-21 SecurID Software Token Web SDK All Supported No direct impact See Note 1. 2018-05-21 SecurID Transaction Signing SDK All Supported No direct impact See Note 1. 2018-05-21 SYN Current Hosted Environment No additional security risk See Note 2. 2018-05-30 Web Threat Detection All Supported No direct impact See Note 1. 2018-05-21 Note 1: It is a software product only. Reported vulnerabilities are best mitigated via firmware and operating system updates. Customers are strongly advised to patch their host systems where the product is installed. Note 2: To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. Note 3: ​To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect the access of highly privileged account are followed.  

  Summary Archer Release 6.14 P2 includes fixes for the Archer Platform. For additional details, see the Release Notes. In addition, this release includes the following enhancements for the Archer Platform: • Smart Data Publications has been updated to include the option of Relational File Schema. Available for SaaS only, this feature update makes migration to SaaS easier for customers using the Data Publications feature OnPrem. • Improvements have been made around Job Engine filters. The changes are designed to improve the efficiency of job processing. As part of these changes, we have also implemented Job Server Cleanup in the ACP, a frequently requested Archer Idea. Archer Administrators can now delete decommissioned servers via the ACP.  • Controls around image fields have been strengthened. Non-image files will result in a displayed warning where warranted. • Improvements have been made to address Advanced Workflow Service operation. • Improvements have been made for encoded handling of special characters in various parts of the UI. • UI enhancements in the areas of Dashboards, Application Builder and User Preferences have been added. • There are additions to the Excel Export for Audit Workpaper.   Release Notes • Archer Announces Availability of Archer Release 6.14 P2 Note: As there are no new additions to the Known Issues in the 6.14 P2 release, the “Archer 6.14 & Later Known Issues” PDF and Excel format files attached below have not been altered for this release.   Download Archer Platform downloads are available on the myRSA website. Please review Instructions to access Archer Platform Downloads through the RSA Registration Portal - myRSA to learn how to register and access the download.   Documentation • Archer 6.14 Platform Help • Archer 6.14 Control Panel Help • Presentation - Archer Release 6.14 P2 Overview • Archer Qualified and Supported Environments • Archer 6.14 & Later Known Issues (PDF format) • Archer.614 & Later Known Issues (Excel format)   Blogs Korean Language Support in 6.14.0.1 Archer Platform and Engage Downloads moving to MyArcher Altered Export Behavior for Large System Reports   Free Friday Tech Huddles Free Friday Tech Huddles provide free training that is offered by the Product Management and Support teams. • FFTH: Release 6.14 Overview, Next Gen Dashboard Enhancements and Mapbox • FFTH: Release 6.14 Highlights - Archer Audit Management Solution Updates • FFTH: Release 6.14 Highlights - ESG Management Solution Updates Register here to attend future sessions.   End of Product Support Policy Archer has a defined End of Primary Support policy associated with all major versions. For additional details, refer to the Product Version Life Cycle.

  Summary Archer Release 6.14 P3 includes fixes for the Archer Platform.   Release Notes Archer Announces Availability of Archer Release 6.13 P3   Download Archer Platform downloads are available on the myRSA website. Please review Instructions to access Archer Platform Downloads through the RSA Registration Portal - myRSA to learn how to register and access the download.   Documentation For all 6.13 related documentation please go to the following page: • Archer Release 6.13 Overview   End of Product Support Policy Archer has a defined End of Primary Support policy associated with all major versions. For additional details, refer to the Product Version Life Cycle.

  Summary Archer Release 6.14 P1 HF2 includes fixes for the Archer Platform.   Release Notes • Archer Announces Availability of Archer Release 6.14 P1 HF2   Download Archer Platform downloads are available on the myRSA website. Please review Instructions to access Archer Platform Downloads through the RSA Registration Portal - myRSA to learn how to register and access the download.   Documentation • Archer 6.14 Platform Help • Archer 6.14 Control Panel Help • Presentation - Archer Release 6.14 & P1 Overview • Archer Qualified and Supported Environments • Archer 6.14 & Later Known Issues (PDF format) • Archer.614 & Later Known Issues (Excel format)   Blogs • Korean Language Support in 6.14.0.1   Free Friday Tech Huddles Free Friday Tech Huddles Free Friday Tech Huddles provide free training that is offered by the Product Management and Support teams. • FFTH: Release 6.14 Overview, Next Gen Dashboard Enhancements and Mapbox • FFTH: Release 6.14 Highlights - Archer Audit Management Solution Updates • FFTH: Release 6.14 Highlights - ESG Management Solution Updates Register here to attend future sessions.   End of Product Support Policy Archer has a defined End of Primary Support policy associated with all major versions. For additional details, refer to the Product Version Life Cycle.