| ID |
CVE-2025-27893
|
| Sažetak |
In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls. |
| Reference |
|
| CVSS |
| Base: | 1.8 |
| Impact: | 1.4 |
| Exploitability: | 0.4 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| ADJACENT_NETWORK |
HIGH |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
LOW |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N |
| Zadnje važnije ažuriranje |
11-03-2025 - 14:15 |
| Objavljeno |
11-03-2025 - 09:15 |
