CVE-2024-49208

{"id": "CVE-2024-49208", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}]}, "published": "2024-10-22T17:15:04.503", "references": [{"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/747545", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.archerirm.community/t5/platform-announcements/tkb-p/product-advisories-tkb", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons."}, {"lang": "es", "value": " Archer Platform 2024.03 anterior a la versi\u00f3n 2024.08 se ve afectada por una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n relacionada con los archivos de aplicaciones de soporte. Un atacante remoto sin privilegios podr\u00eda aprovechar esta vulnerabilidad para elevar sus privilegios y eliminar los \u00edconos del sistema."}], "lastModified": "2024-10-25T20:18:20.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40BBDFF3-B311-4110-B76B-C8FBAFE714A5", "versionEndExcluding": "2024.08", "versionStartIncluding": "2024.03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}