Lucene search

MitreCVE-2022-37317

HistoryAug 25, 2022 - 11:15 p.m.

CVE-2022-37317

2022-08-2523:15:08

CWE-79

mitre

web.nvd.nist.gov

cve-2022-37317

archer platform

html injection

vulnerability

security

remote code execution

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.

Affected configurations

Nvd

Node

rsaarcherRange6.0–6.10.0.4

rsaarcherRange6.11–6.11.0.2.4

VendorProductVersionCPE
rsaarcher*cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	archer	*	cpe:2.3:a:rsa:archer::::::::

References

archerirm.com

www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060

Social References