POC Details: 08aa383114e6af8a5a098d8071faa8194460df0f

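Source
Related vulnerability
Title: N/A (CVE-2025-27893)
Description: In Archer Platform versions 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields (such as the creation date) by intercepting and modifying a copy request issued via the GenericContent/Record.aspx?id= URI. This allows unauthorized users to modify system-generated metadata, compromising data integrity and potentially affecting auditing, compliance, and security controls.
Introduction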
# CVE-2025-27893: Improper Access Control in Archer Platform

## Description
An **Improper Access Control (CWE-284)** vulnerability exists in Archer Platform versions 6 through 6.14.00202.10024. An authenticated user with record creation privileges can manipulate immutable fields, such as the **creation date**, by intercepting and modifying a **Copy** request via a `GenericContent/Record.aspx?id=` URI.

This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.

## Affected Products
- **Vendor**: ArcherIRM
- **Product**: Archer
- **Affected Versions**: 6.14.00202.10024

## Vulnerability Type
- **CWE-284: Improper Access Control**
- **CWE-639: Authorization Bypass Through User-Controlled Key**

## Impact
- **Data Integrity Compromise**: Allows unauthorized users to manipulate system-generated metadata.
- **Audit and Compliance Risk**: Can impact compliance monitoring and record integrity.

## Affected Component
The vulnerability affects the **integrity of records** within the Archer system.

## Attack Vectors
### Prerequisites
- The attacker must have an authenticated user account with **record creation privileges**.
- This is a **standard privilege** in the system.

### Exploitation Steps
1. **Target Selection**: Identify an existing record to manipulate.
2. **Initiate the Copy Function**: The attacker selects the record and clicks the three-dot menu to copy it, generating the following request:
   ```http
   POST /RSAarcher/GenericContent/Record.aspx?id=RECORD_ID&moduleId=NUM&levelSelection=NUM&RecordSet=True&Mode=Edit&pr=VALUE&rr=VALUE
   ```
3. **Intercept and Modify the Request**: Using an interception tool (e.g., Burp Suite), the attacker captures the request and alters immutable fields such as the **creation date**.
4. **Submit the Modified Request**: Instead of proceeding with the copy operation, the attacker **cancels the operation** after submission, effectively bypassing the system's enforcement of immutable fields.

## Discoverer
- **Name**: Hattan Hassan D Althobaiti

## References
- [ArcherIRM Official Website](https://archerirm.com)
- [CWE-284: Improper Access Control](https://cwe.mitre.org/data/definitions/284.html)
- [CWE-639: Authorization Bypass Through User-Controlled Key](https://cwe.mitre.org/data/definitions/639.html)

## Mitigation
- **Vendor Action**: The vendor should enforce strict **server-side validation** to prevent modification of immutable fields.
- **Security Controls**: Implement **logging and monitoring** to detect unauthorized record modifications.
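
The two mitigations above can be combined in one server-side merge step. The sketch below is an added example, not code from Archer or from the original advisory; the field names and the `apply_update` helper are hypothetical, and the sample records are constructed. It keeps stored values for immutable fields regardless of what the request carries and writes an audit entry whenever a request tries to change one.

```python
from datetime import datetime, timezone

# Hypothetical field names; Archer's real schema is not shown on the page.
IMMUTABLE_FIELDS = frozenset({"record_id", "created_at", "created_by"})


def apply_update(stored, submitted, user, audit_log, now=None):
    """Merge a submitted record into the stored one; immutable fields keep the stored value."""
    now = now or datetime.now(timezone.utc)
    merged = dict(stored)
    for field, value in submitted.items():
        if field in IMMUTABLE_FIELDS:
            if value != stored.get(field):
                # Record the attempt so monitoring can alert on it.
                audit_log.append({
                    "time": now.isoformat(),
                    "user": user,
                    "record_id": stored["record_id"],
                    "field": field,
                    "stored": stored.get(field),
                    "submitted": value,
                    "action": "rejected_immutable_change",
                })
            continue  # never take an immutable field from the request
        merged[field] = value
    merged["modified_at"] = now.isoformat()  # server clock, not client input
    merged["modified_by"] = user
    return merged


# Constructed sample data, not taken from a real Archer instance.
STORED = {
    "record_id": 1001,
    "created_at": "2025-01-15T09:30:00+00:00",
    "created_by": "alice",
    "title": "Vendor risk assessment",
}
SUBMITTED = {
    "record_id": 1001,
    "created_at": "2019-01-01T00:00:00+00:00",  # altered in transit
    "title": "Vendor risk assessment (rev 2)",
}

if __name__ == "__main__":
    log = []
    result = apply_update(STORED, SUBMITTED, "bob", log)
    print(result["created_at"], len(log))
```

The same check belongs on every handler that writes a record, including copy and cancel paths, since a check applied only to the normal save path leaves the others open.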

---
**Disclaimer**: This disclosure is for informational purposes only. The discoverer and publisher are not responsible for any misuse of the disclosed vulnerability.
File snapshot

[4.0K] /data/pocs/08aa383114e6af8a5a098d8071faa8194460df0f
└── [2.7K] README.md

0 directories, 1 file