PT-2022-23923 · RSA · Archer Platform

Published: 2022-08-25 · Updated: 2022-08-30 · CVE-2022-37316

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Archer Platform versions prior to 6.11 P3 (6.11.0.3)

Archer Platform version 6.10 P3 (6.10.0.3) is vulnerable, but 6.10 P3 HF1 (6.10.0.3.1) is a fixed release, implying versions 6.10 P3 up to but not including 6.10 P3 HF1 are affected.

Description

The issue concerns improper API access control in a multi-instance system. This could potentially present unauthorized metadata to an authenticated user of the affected system.

Recommendations

For Archer Platform versions prior to 6.11 P3 (6.11.0.3), update to version 6.11 P3 (6.11.0.3) or later.

For Archer Platform version 6.10 P3 (6.10.0.3), update to 6.10 P3 HF1 (6.10.0.3.1) to resolve the issue.

Fix

Related Identifiers

CVE-2022-37316

Affected Products

Archer Platform