CVE-2020-26867 CRITICAL

CVE-2020-26867: ARC Informatique PcVue Deserialization of Untrusted Data

Vendor Arc Informatique
Product PcVue
Weakness CWE-502 · Unsafe deserialization
Published October 12, 2020
Last update September 16, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

Key dates

02Disclosure timeline

October 12, 2020 CVE published
September 16, 2024 Record updated