6.1
CVE-2026-1698
- EPSS 0.21%
- Veröffentlicht 26.02.2026 07:58:00
- Zuletzt bearbeitet 12.03.2026 14:30:52
- Quelle 87c8e6ad-f0f5-4ca8-89e2-89f26d
- CVE-Watchlists
- Unerledigt
HTTP Host header vulnerability in WebClient and WebScheduler web apps
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arcinformatique ≫ Pcvue Version >= 15.0.0 <= 15.2.13
Arcinformatique ≫ Pcvue Version >= 16.0.0 < 16.3.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.106 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932 | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear
|
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
https://www.pcvue.com/security/#SB2026-2