Lucene search

[email protected]NVD:CVE-2022-37317

HistoryAug 25, 2022 - 11:15 p.m.

CVE-2022-37317

2022-08-2523:15:08

CWE-79

[email protected]

web.nvd.nist.gov

archer platform

html injection

vulnerability

remote attacker

malicious code

web application

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.2%

JSON

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.

Affected configurations

Nvd

Node

rsaarcherRange6.0–6.10.0.4

rsaarcherRange6.11–6.11.0.2.4

VendorProductVersionCPE
rsaarcher*cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	archer	*	cpe:2.3:a:rsa:archer::::::::

References

archerirm.com

www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060