CVE-2024-34093

MEDIUM

Archer Platform 6 < 2024.03 - Unauthenticated X-Forwarded-For Header Bypass

Title source: llm

Description

An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.

References (2)

Core 2

Core References

Product

https://archerirm.com

Vendor Advisory

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963

Scores

CVSS v3 5.3

EPSS 0.0044

EPSS Percentile 34.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (1)

archerirm/archer < 2024.03

Published May 06, 2024

Tracked Since Feb 18, 2026