Improper Access Control in Archer Platform by RSA Security
CVE-2024-26310

4.3MEDIUM

Key Information:

Vendor: RSA Security
Status: Archer Platform
Vendor: CVE Published:; 21 February 2024

Summary

The Archer Platform 6.8, prior to version 6.14 P2 (6.14.0.2), suffers from an improper access control vulnerability. This issue allows a remote authenticated user to exploit the system, potentially gaining unauthorized access to sensitive API information intended for users with higher privileges. Organizations utilizing the affected versions should prioritize updating to mitigate the risk associated with this vulnerability.

References

https://archerirm.com

https://www.archerirm.community/t5/platform-announcements...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Feb 19, 2024