Archer Security Vulnerabilities and Issues — Archer CVE List

Lucene search

ArcherirmArcher

10 matches found

CVE•added 2023/07/14 6:15 p.m.•2468 views

CVE-2023-32760

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

7.7CVSS6.1AI score0.00167EPSS

CVE•added 2024/03/08 2:15 a.m.•51 views

CVE-2024-26309

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.

7.5CVSS5.1AI score0.00103EPSS

CVE•added 2024/03/08 2:15 a.m.•50 views

CVE-2024-26313

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the da...

7.3CVSS6.3AI score0.00268EPSS

CVE•added 2023/05/01 10:15 p.m.•47 views

CVE-2023-30639

Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed relea...

7.1CVSS5AI score0.00201EPSS

CVE•added 2024/07/25 8:15 a.m.•43 views

CVE-2024-41705

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the ma...

7.1CVSS5.6AI score0.00201EPSS

CVE•added 2024/05/06 4:15 p.m.•42 views

CVE-2024-34089

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When vic...

7.3CVSS5.2AI score0.00145EPSS

CVE•added 2024/07/25 8:15 a.m.•42 views

CVE-2024-41706

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, ...

7.3CVSS5.6AI score0.00094EPSS

CVE•added 2024/05/06 4:15 p.m.•41 views

CVE-2024-34091

7.3CVSS5.2AI score0.00144EPSS

CVE•added 2024/05/06 4:15 p.m.•39 views

CVE-2024-34090

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.

7.3CVSS5.6AI score0.00429EPSS

CVE•added 2023/07/14 6:15 p.m.•21 views

CVE-2023-32759

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

7.5CVSS6AI score0.00171EPSS