Vulnerability Details CVE-2022-30585
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://www.archerirm.community/t5/releases/tkb-p/releases
- https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/677341
- https://www.archerirm.community/t5/releases/tkb-p/releases
- https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/677341
Products affected by CVE-2022-30585
-
cpe:2.3:a:rsa:archer:6.10.0.0
-
cpe:2.3:a:rsa:archer:6.10.0.1
-
cpe:2.3:a:rsa:archer:6.3
-
cpe:2.3:a:rsa:archer:6.4
-
cpe:2.3:a:rsa:archer:6.4.0.1
-
cpe:2.3:a:rsa:archer:6.4.0.2
-
cpe:2.3:a:rsa:archer:6.5
-
cpe:2.3:a:rsa:archer:6.6.0.2
-
cpe:2.3:a:rsa:archer:6.6.0.3
-
cpe:2.3:a:rsa:archer:6.6.0.8
-
cpe:2.3:a:rsa:archer:6.7
-
cpe:2.3:a:rsa:archer:6.7.0.1
-
cpe:2.3:a:rsa:archer:6.7.0.2
-
cpe:2.3:a:rsa:archer:6.7.0.3
-
cpe:2.3:a:rsa:archer:6.7.0.8
-
cpe:2.3:a:rsa:archer:6.8
-
cpe:2.3:a:rsa:archer:6.8.0.2
-
cpe:2.3:a:rsa:archer:6.8.0.3
-
cpe:2.3:a:rsa:archer:6.8.0.4
-
cpe:2.3:a:rsa:archer:6.8.0.5
-
cpe:2.3:a:rsa:archer:6.9
-
cpe:2.3:a:rsa:archer:6.9.0.1
-
cpe:2.3:a:rsa:archer:6.9.0.2
-
cpe:2.3:a:rsa:archer:6.9.0.3
-
cpe:2.3:a:rsa:archer:6.9.1.0
-
cpe:2.3:a:rsa:archer:6.9.1.1
-
cpe:2.3:a:rsa:archer:6.9.1.4
-
cpe:2.3:a:rsa:archer:6.9.2.1
-
cpe:2.3:a:rsa:archer:6.9.2.2
-
cpe:2.3:a:rsa:archer:6.9.3.0
-
cpe:2.3:a:rsa:archer:6.9.3.0.1
-
cpe:2.3:a:rsa:archer:6.9.3.1
-
cpe:2.3:a:rsa:archer:6.9.3.2
-
cpe:2.3:a:rsa:archer:6.9.3.3