Vulnerabilities > CVE-2021-45891 - Incorrect Resource Transfer Between Spheres vulnerability in Zauner ARC 4.2.0.4

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zauner

CWE-669

NVD

Published: 2022-04-05

Updated: 2022-07-12

Summary

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.

Vulnerable Configurations

Part	Description	Count
Application	Zauner Zauner ARC 4.2.0.4	1

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://syss.de
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-063.txt