CVE-2023-48641

HIGH

7.5

Description

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack VectorNETWORK

ComplexityHIGH

Privileges RequiredHIGH

User InteractionREQUIRED

Published12/12/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

archerirm:archer

Weaknesses (CWE)

CWE-639CWE-639

References

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859(cve@mitre.org)

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.