CVE-2022-37317

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://archerirm.com	Product
https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rsa:archer::::::::
	cpe:2.3:a:rsa:archer::::::::

History

No history.

Information

Published : 2022-08-25 23:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-37317

Mitre link : CVE-2022-37317

CVE.ORG link : CVE-2022-37317

JSON object : View

Products Affected

rsa

archer

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-37317", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2022-08-25T23:15:08.507", "references": [{"url": "https://archerirm.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases."}, {"lang": "es", "value": "Archer Platform versiones 6.x anteriores a 6.11 P3 contiene una vulnerabilidad de inyecci\u00f3n de HTML. Un atacante remoto autenticado podr\u00eda explotar potencialmente esta vulnerabilidad al enga\u00f1ar a un usuario de la aplicaci\u00f3n v\u00edctima para ejecutar c\u00f3digo malicioso en el contexto de la aplicaci\u00f3n web. Las versiones 6.10 P4 (6.10.0.4) y 6.11 P2 HF4 (6.11.0.2.4) tambi\u00e9n est\u00e1n corregidas."}], "lastModified": "2022-08-30T21:16:57.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "781199FC-8E34-4D69-BA49-D00DC88D8E16", "versionEndExcluding": "6.10.0.4", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBDF16C1-7A93-4184-A7AD-7F8787D9BD5C", "versionEndExcluding": "6.11.0.2.4", "versionStartIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}