Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
Analysis
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
Technical ContextAI
This vulnerability is classified as Improper Access Control (CWE-284).
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perfor
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54706