Lucene search

MitreCVELIST:CVE-2022-30585

HistoryMay 26, 2022 - 7:18 p.m.

CVE-2022-30585

2022-05-2619:18:49

mitre

www.cve.org

rest api

archer platform

authorization bypass

vulnerability

sensitive information

fixed release

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.

References

www.archerirm.community/t5/releases/tkb-p/releases

www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/677341

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

Related for CVELIST:CVE-2022-30585