CVE-2021-45891
https://notcve.org/view.php?id=CVE-2021-45891
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. Se ha detectado un problema en Softwarebuero Zauner ARC 4.2.0.4., que permite a atacantes escalar privilegios dentro de la aplicación, ya que todas las comprobaciones de permisos se hacen del lado del cliente, no del lado del servidor • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-063.txt • CWE-669: Incorrect Resource Transfer Between Spheres •
CVE-2021-45892
https://notcve.org/view.php?id=CVE-2021-45892
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. Se ha detectado un problema en Softwarebuero Zauner ARC 4.2.0.4. Se presenta un almacenamiento de contraseñas en un formato recuperable • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-064.txt • CWE-522: Insufficiently Protected Credentials •
CVE-2021-45893
https://notcve.org/view.php?id=CVE-2021-45893
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. Se ha detectado un problema en Softwarebuero Zauner ARC versión 4.2.0.4. Se presenta un manejo inapropiado de la sensibilidad a las mayúsculas y minúsculas, lo que facilita la adivinación de la contraseña • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-065.txt • CWE-178: Improper Handling of Case Sensitivity •
CVE-2021-45894
https://notcve.org/view.php?id=CVE-2021-45894
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. Se ha detectado un problema en Softwarebuero Zauner ARC versión 4.2.0.4. Se presenta una transmisión en texto sin cifrar de información confidencial • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-066.txt • CWE-319: Cleartext Transmission of Sensitive Information •