Archer Platform Vulnerability Allows Unauthorized Modification of Immutable Record Fields

A vulnerability exists in Archer Platform versions 6 through 6.14.00202.10024, allowing authenticated users with record creation privileges to manipulate immutable fields, such as the creation date. This is achieved by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. The exploitation of this vulnerability leads to unauthorized changes in system-generated metadata, thereby compromising data integrity and potentially disrupting auditing, compliance, and security controls.

Impact

Exploitation of this vulnerability allows for unauthorized modifications of system-generated metadata, particularly record integrity, which can disrupt audit logs and compliance tracking.

Reproduction

To reproduce this vulnerability, an authenticated user with record creation privileges must first identify a record to manipulate. After initiating the 'Copy' function on the target record, the user can intercept the resulting HTTP request using a tool like Burp Suite. By modifying immutable fields such as the creation date and then submitting the altered request, the user can finalize unauthorized changes by canceling the 'Copy' operation.

Remediation

ArcherIRM should implement proper validation to prevent unauthorized modifications of system-generated metadata. Additionally, access to the 'Copy' function could be restricted for non-administrative users.