"Improper Access Control Vulnerability" resulting in a change of access rights

LucasZinkiewicz
Contributor

Hey, 

just for verification purposes:

we just upgraded our environment to 6.10.3, thereby fixing the following Common Vulnerabilities and Exposures:

  • CVE-2022-30584
  • CVE-2022-30585
  • CVE-2021-33615
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.


After that we found that one of our JS DataFeeds (it was executing a JS file which would generate, download and then upload a MailMerge Template through the API)

[image: errorjob.PNG]

was failing with the following message:

[image: error.PNG]


As a result we tweaked the AccessRole to now contain the rights for export and print, which were not necessary before (6.9.1.5):

[image: errorfix.PNG]


=> So I'd like to ask if you changed this exact behaviour for the CVEs.
