Archerirm

Archer

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-27893

Exploit
  • EPSS 0.03%
  • Veröffentlicht 11.03.2025 00:00:00
  • Zuletzt bearbeitet 08.08.2025 13:15:29

In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. NO...

6.1

CVE-2024-49211

  • EPSS 0.17%
  • Veröffentlicht 22.10.2024 17:15:06
  • Zuletzt bearbeitet 30.10.2024 19:35:29

Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious...

6.1

CVE-2024-49210

  • EPSS 0.17%
  • Veröffentlicht 22.10.2024 17:15:05
  • Zuletzt bearbeitet 30.10.2024 19:35:28

Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML ...

4.3

CVE-2024-49209

  • EPSS 0.09%
  • Veröffentlicht 22.10.2024 17:15:05
  • Zuletzt bearbeitet 14.03.2025 16:15:37

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges a...

3.1

CVE-2024-49208

  • EPSS 0.11%
  • Veröffentlicht 22.10.2024 17:15:04
  • Zuletzt bearbeitet 14.03.2025 16:15:36

Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and d...

5.4

CVE-2024-41707

  • EPSS 0.25%
  • Veröffentlicht 25.07.2024 08:15:02
  • Zuletzt bearbeitet 18.03.2025 16:15:23

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application dat...

5.4

CVE-2024-41706

  • EPSS 0.23%
  • Veröffentlicht 25.07.2024 08:15:02
  • Zuletzt bearbeitet 21.11.2024 09:33:01

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim use...

5.4

CVE-2024-41705

  • EPSS 0.28%
  • Veröffentlicht 25.07.2024 08:15:02
  • Zuletzt bearbeitet 21.11.2024 09:33:01

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users acc...

4.3

CVE-2024-26312

  • EPSS 0.32%
  • Veröffentlicht 06.05.2024 16:15:13
  • Zuletzt bearbeitet 18.03.2025 17:27:43

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.

5.3

CVE-2024-34093

  • EPSS 0.2%
  • Veröffentlicht 06.05.2024 16:15:13
  • Zuletzt bearbeitet 18.03.2025 15:26:21

An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.