CVE-2021-45893

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.

CVSS v3 7.5 HIGH
CVSS v2.0 4.3 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://syss.de	Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-065.txt	Exploit Third Party Advisory
https://syss.de	Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-065.txt	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zauner:arc:4.2.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-05 02:15

Updated : 2024-11-21 06:33

NVD link : CVE-2021-45893

Mitre link : CVE-2021-45893

CVE.ORG link : CVE-2021-45893

JSON object : View

Products Affected

zauner

arc

CWE

CWE-178

Improper Handling of Case Sensitivity

{"id": "CVE-2021-45893", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-05T02:15:07.080", "references": [{"url": "https://syss.de", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-065.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://syss.de", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-065.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-178"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier."}, {"lang": "es", "value": "Se ha detectado un problema en Softwarebuero Zauner ARC versi\u00f3n 4.2.0.4. Se presenta un manejo inapropiado de la sensibilidad a las may\u00fasculas y min\u00fasculas, lo que facilita la adivinaci\u00f3n de la contrase\u00f1a"}], "lastModified": "2024-11-21T06:33:12.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zauner:arc:4.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4AECD91-01C9-4B85-9400-5FDA25B6FD58"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}