CVE-2022-26949

EUVD-2022-31493
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AC:H/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
rsaarcher
6.1.0.0 ≤
𝑥
< 6.9.2.2
𝑥
= Vulnerable software versions
References
https://www.archerirm.community/t5/general-support-information/tkb-p/information-support
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497
https://www.archerirm.community/t5/general-support-information/tkb-p/information-support
https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497