Lucene search

IcscertCVELIST:CVE-2022-4312

HistoryDec 12, 2022 - 5:10 p.m.

CVE-2022-4312

2022-12-1217:10:22

CWE-312

icscert

www.cve.org

pcvue

vulnerability

unauthorized access

sms

sensitive information

cleartext storage

smtp

sim card

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could
allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files
to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.
Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email
account and SIM card.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PcVue",
    "vendor": "ARC Informatique",
    "versions": [
      {
        "lessThanOrEqual": "15.2.3",
        "status": "affected",
        "version": "8.10",
        "versionType": "custom"
      }
    ]
  }
]

References

www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2022-4312