Lucene search
K

4 matches found

Cvelist
Cvelist
added 14 hours ago9 views

CVE-2026-33390 Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.3 views

PT-2026-22916

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

6.5CVSS5.9AI score0.00111EPSS
Exploits0References2
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.4 views

Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0

Summary A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. Impact An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in t...

8.1CVSS6.6AI score0.00379EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2023/05/03 12:0 a.m.6 views

Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2

Summary A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the Alerts controller, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Impact Authenticated users can extract arbitrary...

8.8CVSS7.9AI score0.00598EPSS
Exploits0Affected Software2
Rows per page
Query Builder