CVE-2023-48641
Public Exploits: 0
Exploited in Wild: -
Descriptions
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2023-11-17 CVE Reserved
- 2023-12-12 CVE Published
- 2023-12-16 EPSS Updated
- 2024-10-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Archerirm | Archer | < 6.14.0.1.2 | - | Affected |
Archerirm | Archer | < 6.13.0.3 | - | Affected |