VYPR Vendor CVEs: Archer (all CVEs)

52 total · sorted by risk
  • CVE-2022-38542 · Critical · Sep 13, 2022
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update; upgrade to v1.9.0 or later.

  • CVE-2022-38541 · Critical · Sep 13, 2022
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

  • CVE-2022-38538 · Critical · Sep 13, 2022
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

  • CVE-2022-38537 · Critical · Sep 13, 2022
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

  • CVE-2022-30584 · Critical · May 26, 2022
    risk 0.62 · CVSS 9.6 · EPSS 0.01

    Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed…

  • CVE-2025-50572 · High · Jul 31, 2025
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report…

  • CVE-2024-34092 · High · May 6, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release.

  • CVE-2023-45358 · High · Oct 17, 2023
    risk 0.55 · CVSS 8.5 · EPSS 0.00

    Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data…

  • CVE-2023-32761 · High · Jul 14, 2023
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    A Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows an authenticated attacker to execute arbitrary code via a crafted request.

  • CVE-2023-32760 · High · Jul 14, 2023
    risk 0.50 · CVSS 7.7 · EPSS 0.00

    An issue in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

  • CVE-2023-48641 · High · Dec 12, 2023
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user…

  • CVE-2023-48053 · High · Nov 16, 2023
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

  • CVE-2023-32759 · High · Jul 14, 2023
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    An issue in Archer Platform before v.6.13, fixed in 6.12.0.6 and 6.13.0, allows an authenticated attacker to obtain sensitive information via a crafted URL.

  • CVE-2022-37317 · High · Aug 25, 2022
    risk 0.49 · CVSS 7.6 · EPSS 0.01

    Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and…

  • CVE-2024-41706 · High · Jul 25, 2024
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store…

  • CVE-2024-34091 · High · May 6, 2024
    risk 0.47 · CVSS 7.3 · EPSS 0.01

    An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application…

  • CVE-2024-34090 · High · May 6, 2024
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.

  • CVE-2024-34089 · High · May 6, 2024
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application…

  • CVE-2024-26313 · High · Mar 8, 2024
    risk 0.47 · CVSS 7.3 · EPSS 0.01

    Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim…

  • CVE-2024-41705 · High · Jul 25, 2024
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through…

  • CVE-2023-30639 · High · May 1, 2023
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4)…

  • CVE-2022-37318 · High · Aug 25, 2022
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the…

  • CVE-2024-49209 · Medium · Oct 22, 2024
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system…

  • CVE-2023-30605 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the…

  • CVE-2023-30558 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the `db_name` in the `sql/data_dictionary.py` `table_list` endpoint is passed to…

  • CVE-2023-30557 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input…

  • CVE-2023-30556 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of…

  • CVE-2023-30555 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input…

  • CVE-2023-30554 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`…

  • CVE-2023-30553 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint…

  • CVE-2023-30552 · Medium · Apr 19, 2023
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method.…

  • CVE-2022-37316 · Medium · Aug 25, 2022
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release.

  • CVE-2022-30585 · Medium · May 26, 2022
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed…

  • CVE-2022-26951 · Medium · Mar 30, 2022
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable…

  • CVE-2022-26947 · Medium · Mar 30, 2022
    risk 0.41 · CVSS 6.3 · EPSS 0.01

    Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web…

  • CVE-2023-37224 · Medium · Jul 14, 2023
    risk 0.39 · CVSS 6.0 · EPSS 0.00

    An issue in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows an authenticated attacker to obtain sensitive information via the log files.

  • CVE-2024-49208 · Medium · Oct 22, 2024
    risk 0.38 · CVSS 5.9 · EPSS 0.00

    Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons.

  • CVE-2022-26948 · Medium · Mar 30, 2022
    risk 0.38 · CVSS 5.8 · EPSS 0.01

    The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.

  • CVE-2024-26311 · Medium · Feb 21, 2024
    risk 0.37 · CVSS 5.7 · EPSS 0.01

    Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web…

  • CVE-2023-48642 · Medium · Dec 12, 2023
    risk 0.35 · CVSS 5.4 · EPSS 0.00

    Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access…

  • CVE-2023-37223 · Medium · Jul 14, 2023
    risk 0.35 · CVSS 5.4 · EPSS 0.00

    A Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.

  • CVE-2022-26950 · Medium · Mar 30, 2022
    risk 0.35 · CVSS 5.4 · EPSS 0.01

    Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently…

  • CVE-2022-26949 · Medium · Mar 30, 2022
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.

  • CVE-2024-34093 · Medium · May 6, 2024
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For header bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when the X-Forwarded-For header is enabled.

  • CVE-2024-26309 · Medium · Mar 8, 2024
    risk 0.34 · CVSS 5.3 · EPSS 0.01

    Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.

  • CVE-2024-41707 · Medium · Jul 25, 2024
    risk 0.31 · CVSS 4.8 · EPSS 0.00

    An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users…

  • CVE-2020-29537 · Medium · Jan 29, 2021
    risk 0.30 · CVSS 4.6 · EPSS 0.01

    Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently…

  • CVE-2024-26310 · Medium · Feb 21, 2024
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.

  • CVE-2023-45357 · Medium · Oct 17, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.

  • CVE-2020-29536 · Medium · Jan 29, 2021
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.

Page 1 of 2