Archery
CVE-2023-48053
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
AnalysisAI
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. Affected products include: Archerydms Archery.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_ti
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the crea
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/app
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today