Medium
CVSS: 6.3
The server certificate was not verified when an Arc agent connected to a Guardian or CMC.
A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This coul…
Low
CVSS: 2.0
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties.
A malicious authenticated user with administrator privileges on a Guardian connecte…
Low
CVSS: 2.1
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.
A malicious authenticated user with the required privileges could edit a node label to in…
High
CVSS: 7.2
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive…
Medium
CVSS: 5.3
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset a…
High
CVSS: 7.1
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript pay…
Low
CVSS: 2.3
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different…
High
CVSS: 7.2
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alt…
Medium
CVSS: 6.0
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web ap…
Medium
CVSS: 6.0
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web…
High
CVSS: 7.7
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web applica…
Medium
CVSS: 6.0
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by…
High
CVSS: 7.2
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrati…
Medium
CVSS: 5.8
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited b…