PT-2022-18135 · Rsa · Archery

Published 2022-03-29 · Updated 2023-08-08 · CVE-2022-26949

CVSS v3.1

6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Archer versions 6.x through 6.9 SP2 P1 (6.9.2.1)

Description

The issue is related to improper access control on attachments, which allows a remote authenticated malicious user to potentially gain access to files that should only be accessible with extra privileges.

Recommendations

For versions 6.x through 6.9 SP2 P1 (6.9.2.1), consider restricting access to attachments to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of remote authenticated users to prevent them from accessing sensitive files.

Fix

Related Identifiers

CVE-2022-26949

Affected Products

Archery