CVE-2023-48641

HIGH

7.5

Descricao

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

Detalhes CVE

Pontuacao CVSS v3.17.5

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosHIGH

Interacao do usuarioREQUIRED

Publicado12/12/2023

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

archerirm:archer

Fraquezas (CWE)

CWE-639CWE-639

Referencias

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859(cve@mitre.org)

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.