VYPR

Archer Platform

by Archer

CVEs (15)

  • CVE-2022-30584 | Critical | May 26, 2022
    risk 0.62, CVSS 9.6, EPSS 0.01

    Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed…

  • CVE-2023-45358 | High | Oct 17, 2023
    risk 0.55, CVSS 8.5, EPSS 0.00

    Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data…

  • CVE-2023-32761 | High | Jul 14, 2023
    risk 0.53, CVSS 8.1, EPSS 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.

  • CVE-2023-32760 | High | Jul 14, 2023
    risk 0.50, CVSS 7.7, EPSS 0.00

    An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

  • CVE-2023-48641 | High | Dec 12, 2023
    risk 0.49, CVSS 7.5, EPSS 0.00

    Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user…

  • CVE-2023-32759 | High | Jul 14, 2023
    risk 0.49, CVSS 7.5, EPSS 0.00

    An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

  • CVE-2022-37317 | High | Aug 25, 2022
    risk 0.49, CVSS 7.6, EPSS 0.01

    Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and…

  • CVE-2023-30639 | High | May 1, 2023
    risk 0.46, CVSS 7.1, EPSS 0.00

    Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4)…

  • CVE-2022-37318 | High | Aug 25, 2022
    risk 0.46, CVSS 7.0, EPSS 0.00

    Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the…

  • CVE-2022-37316 | Medium | Aug 25, 2022
    risk 0.42, CVSS 6.5, EPSS 0.01

    Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release.

  • CVE-2022-30585 | Medium | May 26, 2022
    risk 0.42, CVSS 6.5, EPSS 0.01

    The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed…

  • CVE-2023-37224 | Medium | Jul 14, 2023
    risk 0.39, CVSS 6.0, EPSS 0.00

    An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.

  • CVE-2023-48642 | Medium | Dec 12, 2023
    risk 0.35, CVSS 5.4, EPSS 0.00

    Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access…

  • CVE-2023-37223 | Medium | Jul 14, 2023
    risk 0.35, CVSS 5.4, EPSS 0.00

    Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.

  • CVE-2023-45357 | Medium | Oct 17, 2023
    risk 0.28, CVSS 4.3, EPSS 0.00

    Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.