CVE-2023-48641

HIGH

7.5

Descripcion

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

Detalles CVE

Puntuacion CVSS v3.17.5

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosHIGH

Interaccion usuarioREQUIRED

Publicado12/12/2023

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

archerirm:archer

Debilidades (CWE)

CWE-639CWE-639

Referencias

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859(cve@mitre.org)

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.