CVE-2024-34092 - Vulnerability Details - OpenCVE

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00146.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Archerirm	Archer

Configuration 1 [-]

OR	cpe:2.3:a:archerirm:archer::::::::
	cpe:2.3:a:archerirm:archer:2024.03:::::::*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://archerirm.com
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963

History

Tue, 25 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}`

Tue, 18 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Archerirm Archerirm archer
Weaknesses		CWE-613
CPEs		cpe:2.3:a:archerirm:archer:::::::: cpe:2.3:a:archerirm:archer:2024.03:::::::*
Vendors & Products		Archerirm Archerirm archer
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-06T00:00:00.000Z

Updated: 2025-03-25T16:17:57.753Z

Reserved: 2024-04-30T00:00:00.000Z

Link: CVE-2024-34092

Vulnrichment

Updated: 2024-08-02T02:42:59.907Z

NVD

Status : Modified

Published: 2024-05-06T16:15:13.770

Modified: 2025-03-25T17:15:56.007

Link: CVE-2024-34092

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-34092", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-25T16:17:57.753Z", "dateReserved": "2024-04-30T00:00:00.000Z", "datePublished": "2024-05-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-06T16:03:14.333Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://archerirm.com"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-613", "lang": "en", "description": "CWE-613 Insufficient Session Expiration"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-29T19:26:01.740524Z", "id": "CVE-2024-34092", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T16:17:57.753Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.907Z"}, "title": "CVE Program Container", "references": [{"url": "https://archerirm.com", "tags": ["x_transferred"]}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://archerirm.com", "tags": ["x_transferred"]}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.907Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34092", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T19:26:01.740524Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T19:26:06.344Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://archerirm.com"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-06T16:03:14.333Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34092", "state": "PUBLISHED", "dateUpdated": "2025-03-25T16:17:57.753Z", "dateReserved": "2024-04-30T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4643898-6CFC-4F96-8564-BE6A46E7B75F", "versionEndExcluding": "6.14.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:archerirm:archer:2024.03:*:*:*:*:*:*:*", "matchCriteriaId": "14B1EA5F-1E5D-4A30-88E5-4460188A7D19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Archer Platform 6 antes del 2024.04. La autenticaci\u00f3n se manej\u00f3 mal porque el bloqueo no finaliz\u00f3 una sesi\u00f3n existente. 6.14 P3 (6.14.0.3) tambi\u00e9n es una versi\u00f3n corregida."}], "id": "CVE-2024-34092", "lastModified": "2025-03-25T17:15:56.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-06T16:15:13.770", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://archerirm.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://archerirm.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}