CVE-2022-4311

EPSS 0.34%
Veröffentlicht 12.12.2022 18:15:13
Zuletzt bearbeitet 21.11.2024 07:35:00
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This
could allow a user with access to the log files to discover connection strings of data sources configured for the
DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users
unauthorized access to the underlying data sources.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arcinformatique ≫ Pcvue Version >= 15 <= 15.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.562

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-4311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4311

EUVD