PT-2022-23925 · Rsa · Archer Platform

Published

2022-08-25

Updated

2022-08-29

CVE-2022-37318

CVSS v3.1

7.0

High

Vector

AC:H/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions Archer Platform versions prior to 6.11 P3 (6.11.0.3)

Description The issue allows a remote unauthenticated malicious user to potentially exploit a reflected XSS vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.

Recommendations For versions prior to 6.11 P3 (6.11.0.3), update to a fixed release such as 6.11 P3 (6.11.0.3) or later. As a temporary workaround, consider restricting access to the vulnerable web application until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-37318

Affected Products

Archer Platform

PT-2022-23925 · Rsa · Archer Platform

CVE-2022-37318

Weakness Enumeration

Related Identifiers

Affected Products

References · 4