Archer@2024.03 Security Vulnerabilities and Issues — Archer@2024.03 CVE List

Lucene search

ArcherirmArcher2024.03

5 matches found

CVE•added 2024/05/06 4:15 p.m.•44 views

CVE-2024-34092

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release.

8.8CVSS6.8AI score0.00094EPSS

CVE•added 2024/05/06 4:15 p.m.•42 views

CVE-2024-34089

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When vic...

7.3CVSS5.2AI score0.00145EPSS

CVE•added 2024/05/06 4:15 p.m.•41 views

CVE-2024-34091

7.3CVSS5.2AI score0.00144EPSS

CVE•added 2024/05/06 4:15 p.m.•39 views

CVE-2024-34090

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.

7.3CVSS5.6AI score0.00429EPSS

CVE•added 2024/05/06 4:15 p.m.•36 views

CVE-2024-34093

An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.

5.3CVSS7AI score0.00141EPSS