Lucene search

KasperskyCVELIST:CVE-2020-26869

HistoryOct 12, 2020 - 1:52 p.m.

CVE-2020-26869 ARC Informatique PcVue Exposure of Sensitive Information to an Unauthorized Actor

2020-10-1213:52:50

CWE-200

Kaspersky

www.cve.org

arc informatique pcvue

vulnerability

unauthorized access

data exposure

web services toolkit

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

72.0%

JSON

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.

CNA Affected

[
  {
    "product": "PcVue",
    "vendor": "ARC Informatique",
    "versions": [
      {
        "lessThanOrEqual": "12.0.17",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-017-session-information-exposure-in-arc-informatique-pcvue/

us-cert.cisa.gov/ics/advisories/icsa-20-308-03

www.pcvuesolutions.com/security

www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

72.0%

JSON

Related for CVELIST:CVE-2020-26869