Archer@* Security Vulnerabilities and Issues — Archer@* CVE List

Lucene search

ArcherirmArcher*

10 matches found

CVE•added 2023/07/14 6:15 p.m.•2477 views

CVE-2023-32761

Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.

8.1CVSS8AI score0.00328EPSS

CVE•added 2023/07/14 6:15 p.m.•2468 views

CVE-2023-32760

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

7.7CVSS6.1AI score0.00167EPSS

CVE•added 2023/05/01 10:15 p.m.•46 views

CVE-2023-30639

Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed relea...

7.1CVSS5AI score0.00201EPSS

CVE•added 2023/07/14 6:15 p.m.•33 views

CVE-2023-37223

Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.

5.4CVSS5.2AI score0.00526EPSS

CVE•added 2023/10/17 5:15 a.m.•30 views

CVE-2023-45357

Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.

6.5CVSS6AI score0.00097EPSS

CVE•added 2023/07/14 6:15 p.m.•25 views

CVE-2023-37224

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.

6CVSS5.2AI score0.00049EPSS

CVE•added 2023/12/12 8:15 a.m.•24 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass au...

8.8CVSS8.7AI score0.00009EPSS

CVE•added 2023/07/14 6:15 p.m.•21 views

CVE-2023-32759

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

7.5CVSS6AI score0.00171EPSS

CVE•added 2023/12/12 8:15 a.m.•21 views

CVE-2023-48642

Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...

5.4CVSS5.4AI score0.00209EPSS

CVE•added 2023/10/17 5:15 a.m.•20 views

CVE-2023-45358

Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users...

8.5CVSS4.9AI score0.00148EPSS