CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32761
https://notcve.org/view.php?id=CVE-2023-32761
Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request. • https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821 https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32760
https://notcve.org/view.php?id=CVE-2023-32760
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. • https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821 https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32759
https://notcve.org/view.php?id=CVE-2023-32759
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. • https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821 https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37224
https://notcve.org/view.php?id=CVE-2023-37224
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. • https://archerirm.com https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37317
https://notcve.org/view.php?id=CVE-2022-37317
Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. Archer Platform versiones 6.x anteriores a 6.11 P3 contiene una vulnerabilidad de inyección de HTML. Un atacante remoto autenticado podría explotar potencialmente esta vulnerabilidad al engañar a un usuario de la aplicación víctima para ejecutar código malicioso en el contexto de la aplicación web. Las versiones 6.10 P4 (6.10.0.4) y 6.11 P2 HF4 (6.11.0.2.4) también están corregidas. • https://archerirm.com https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •