CVE-2023-32760

Published: Jul 14, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

Affected (1)

Products: Archerirm: Archer

Archerirm

1 product

Archer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Archerirm Archer	Before 6.12.0.6

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821

Source: cve@mitre.org

Release Notes

https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362

Source: cve@mitre.org

Vendor Advisory

https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.