CVE-2023-48641

EUVD-2023-52691
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L
mitreCNA
7.5 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AC:H/AV:N/A:L/C:H/I:H/PR:H/S:C/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
archerirmarcher
𝑥
< 6.14.0.1.2
archerirmarcher
𝑥
< 6.13.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859