CVE-2022-37317

moderate-risk
Published 2022-08-25

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.6/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Rsa

References (4)

Product https://archerirm.com
Vendor Advisory https://www.archerirm.community/t5/security-advisories/archer-update-for-multipl...
Product https://archerirm.com
Vendor Advisory https://www.archerirm.community/t5/security-advisories/archer-update-for-multipl...
33
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal