CVE-2022-37316

moderate-risk
Published 2022-08-25

Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Rsa

References (4)

Product https://archerirm.com
Vendor Advisory https://www.archerirm.community/t5/security-advisories/archer-update-for-imprope...
Product https://archerirm.com
Vendor Advisory https://www.archerirm.community/t5/security-advisories/archer-update-for-imprope...
30
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal