17 matches found

added 2024/10/22 5:15 p.m. | 75 views

CVE-2024-49209

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons.

CVSS 6.5 | AI score 7.1 | EPSS 0.00067

added 2024/02/21 8:15 p.m. | 63 views

CVE-2024-26310

Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.

CVSS 4.3 | AI score 4.5 | EPSS 0.00153

added 2024/05/06 4:15 p.m. | 60 views

CVE-2024-26312

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.

CVSS 4.3 | AI score 6 | EPSS 0.0035

added 2024/03/08 2:15 a.m. | 51 views

CVE-2024-26309

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.

CVSS 7.5 | AI score 5.1 | EPSS 0.00076

added 2024/03/08 2:15 a.m. | 50 views

CVE-2024-26313

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the da...

CVSS 7.3 | AI score 6.3 | EPSS 0.00197

added 2024/07/25 8:15 a.m. | 47 views

CVE-2024-41707

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store ...

CVSS 5.4 | AI score 6.9 | EPSS 0.00094

added 2024/05/06 4:15 p.m. | 44 views

CVE-2024-34092

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release.

CVSS 8.8 | AI score 6.8 | EPSS 0.00094

added 2024/07/25 8:15 a.m. | 43 views

CVE-2024-41705

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the ma...

CVSS 7.1 | AI score 5.6 | EPSS 0.00201

added 2024/05/06 4:15 p.m. | 42 views

CVE-2024-34089

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When vic...

CVSS 7.3 | AI score 5.2 | EPSS 0.00145

added 2024/07/25 8:15 a.m. | 42 views

CVE-2024-41706

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, ...

CVSS 7.3 | AI score 5.6 | EPSS 0.00094

added 2024/05/06 4:15 p.m. | 41 views

CVE-2024-34091

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When vic...

CVSS 7.3 | AI score 5.2 | EPSS 0.00144

added 2024/05/06 4:15 p.m. | 39 views

CVE-2024-34090

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.

CVSS 7.3 | AI score 5.6 | EPSS 0.00429

added 2024/10/22 5:15 p.m. | 38 views

CVE-2024-49208

Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons.

CVSS 5.9 | AI score 7 | EPSS 0.00084

added 2024/10/22 5:15 p.m. | 38 views

CVE-2024-49210

Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web applicat...

CVSS 6.1 | AI score 6.3 | EPSS 0.0016

added 2024/05/06 4:15 p.m. | 36 views

CVE-2024-34093

An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.

CVSS 5.3 | AI score 7 | EPSS 0.00141

added 2024/10/22 5:15 p.m. | 35 views

CVE-2024-49211

Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web ap...

CVSS 6.1 | AI score 6.3 | EPSS 0.0016

added 2024/02/21 8:15 p.m. | 34 views

CVE-2024-26311

Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then...

CVSS 5.7 | AI score 5.2 | EPSS 0.00139