4 matches found
CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
Unsafe temporary data privileges on Unix systems in Arc before v1.6.0
Summary: On Unix systems (Linux, macOS), Arc uses a temporary file with unsafe privileges. Impact: By tampering with such a file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges. Mitigation: N/A. Solution: Upgrade to v1.6.0 or later...
CVE-2021-45893
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier...
Softwarebuero Zauner ARC security vulnerability
Softwarebuero Zauner ARC is an application. Softwarebuero Zauner ARC version 4.2.0.4 is vulnerable to an authorization issue, which stems from the fact that all permission checks are done on the client side instead of the server side. An attacker could exploit the vulnerability to gain privileges...