VYPR
Vendor: Archer

Products: 2
CVEs: 47
Across products: 54
Status: Private

Recent CVEs

  • CVE-2022-38542 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above.

  • CVE-2022-38541 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

  • CVE-2022-38538 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

  • CVE-2022-38537 | Critical | Sep 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

  • CVE-2022-30584 | Critical | May 26, 2022
    risk 0.62 | cvss 9.6 | epss 0.01

    Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed…

  • CVE-2025-50572 | High | Jul 31, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report…

  • CVE-2023-45358 | High | Oct 17, 2023
    risk 0.55 | cvss 8.5 | epss 0.00

    Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data…

  • CVE-2023-32761 | High | Jul 14, 2023
    risk 0.53 | cvss 8.1 | epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.

  • CVE-2023-32760 | High | Jul 14, 2023
    risk 0.50 | cvss 7.7 | epss 0.00

    An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

  • CVE-2023-48641 | High | Dec 12, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user…

  • CVE-2023-48053 | High | Nov 16, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

  • CVE-2023-32759 | High | Jul 14, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

  • CVE-2022-37317 | High | Aug 25, 2022
    risk 0.49 | cvss 7.6 | epss 0.01

    Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and…

  • CVE-2024-41706 | High | Jul 25, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store…

  • CVE-2024-26313 | High | Mar 8, 2024
    risk 0.47 | cvss 7.3 | epss 0.01

    Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim…

  • CVE-2024-41705 | High | Jul 25, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through…

  • CVE-2023-30639 | High | May 1, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4)…

  • CVE-2022-37318 | High | Aug 25, 2022
    risk 0.46 | cvss 7.0 | epss 0.00

    Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the…

  • CVE-2024-49209 | Medium | Oct 22, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system…

  • CVE-2023-30605 | Medium | Apr 19, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the…