exploitDog

GHSA-p458-c575-82fh

Опубликовано: 12 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

Ссылки

EPSS

Процентиль: 1%

0.00009

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2023-48641

CVSS3: 7.5

nvd

около 2 лет назад

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

EPSS

Процентиль: 1%

0.00009

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-639