CVE-2021-45891

HIGH

Softwarebuero Zauner ARC 4.2.0.4 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.

References (2)

[Third Party Advisory] https://syss.de

[Exploit, Third Party Advisory] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-063.txt

Scores

CVSS v3 8.8

EPSS 0.0042

EPSS Percentile 62.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-669

Status published

Products (1)

zauner/arc 4.2.0.4

Published Apr 05, 2022

Tracked Since Feb 18, 2026