HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-37317

CVSS 7.6v3.1pub. 2022-08-25upd. 2024-11-21

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • Rsa Archer

    APP
    Rsa
    6.0 – 6.10.0.4 (bez)6.11 – 6.11.0.2.4 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2022-30584CRITICAL9.6ten sam produkt

Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS f...

CVE-2019-3758CRITICAL9.8ten sam produkt

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerab...

CVE-2022-37318HIGH7.0ten sam produkt

Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthent...

CVE-2021-33615HIGH7.5ten sam produkt

RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.

CVE-2020-5334HIGH8.2ten sam produkt

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site script...