An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This
could allow a user with access to the log files to discover connection strings of data sources configured for the
DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users
unauthorized access to the underlying data sources.
References
Link | Resource |
---|---|
https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6 | Permissions Required Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-12-12T17:08:30.847Z
Updated:
Reserved: 2022-12-06T19:08:45.932Z
Link: CVE-2022-4311
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-12T18:15:13.300
Modified: 2023-11-07T03:57:31.117
Link: CVE-2022-4311
JSON object: View
Redhat Information
No data.
CWE