CVE-2024-49209

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/747545	Vendor Advisory
https://www.archerirm.community/t5/platform-announcements/tkb-p/product-advisories-tkb	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-22 17:15

Updated : 2025-03-14 16:15

NVD link : CVE-2024-49209

Mitre link : CVE-2024-49209

CVE.ORG link : CVE-2024-49209

JSON object : View

Products Affected

archerirm

archer

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-49209", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-10-22T17:15:05.763", "references": [{"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/747545", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.archerirm.community/t5/platform-announcements/tkb-p/product-advisories-tkb", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons."}, {"lang": "es", "value": "Archer Platform 2024.03 anterior a la versi\u00f3n 2024.09 se ve afectada por una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n de API relacionada con los archivos de aplicaciones de soporte. Un atacante remoto sin privilegios podr\u00eda aprovechar esta vulnerabilidad para elevar sus privilegios y cargar \u00edconos de sistema adicionales."}], "lastModified": "2025-03-14T16:15:37.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56B90029-B002-417A-9005-61BC67B69217", "versionEndExcluding": "2024.09", "versionStartIncluding": "2024.03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}