CVE-2024-31850
https://notcve.org/view.php?id=CVE-2024-31850
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running with the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. • https://github.com/Stuub/CVE-2024-31848-PoC https://www.tenable.com/security/research/tra-2024-09 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-24243
https://notcve.org/view.php?id=CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). • https://arc.cdata.com https://arc.cdata.com/trial https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8 https://www.cdata.com/kb/entries/netembeddedserver-notice.rst • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-45891
https://notcve.org/view.php?id=CVE-2021-45891
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4 that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-063.txt • CWE-669: Incorrect Resource Transfer Between Spheres
CVE-2021-45892
https://notcve.org/view.php?id=CVE-2021-45892
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. Passwords are stored in a recoverable format. • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-064.txt • CWE-522: Insufficiently Protected Credentials
CVE-2021-45893
https://notcve.org/view.php?id=CVE-2021-45893
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. Case sensitivity is handled improperly, which makes password guessing easier. • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-065.txt • CWE-178: Improper Handling of Case Sensitivity