CVE-2021-45891

Exploit

EPSS 0.42%
Published 05.04.2022 02:15:07
Last modified 21.11.2024 06:33:12
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zauner ≫ Arc Version4.2.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.614

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

https://syss.de

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-063.txt

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-45891

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45891

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45891

EUVD