CVE-2024-49209

{"id": "CVE-2024-49209", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-22T17:15:05.763", "references": [{"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/747545", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.archerirm.community/t5/platform-announcements/tkb-p/product-advisories-tkb", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons."}, {"lang": "es", "value": "Archer Platform 2024.03 anterior a la versi\u00f3n 2024.09 se ve afectada por una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n de API relacionada con los archivos de aplicaciones de soporte. Un atacante remoto sin privilegios podr\u00eda aprovechar esta vulnerabilidad para elevar sus privilegios y cargar \u00edconos de sistema adicionales."}], "lastModified": "2024-10-25T20:17:36.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56B90029-B002-417A-9005-61BC67B69217", "versionEndExcluding": "2024.09", "versionStartIncluding": "2024.03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}