Lucene search

[email protected]NVD:CVE-2022-30350

HistoryMar 30, 2023 - 4:15 p.m.

CVE-2022-30350

2023-03-3016:15:07

[email protected]

web.nvd.nist.gov

avanquest software

rad pdf

information leak

pdfescape online

redacting

pdf document

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.1%

JSON

Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a “white out” functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.

Affected configurations

Nvd

Node

avanquestpdfescapeMatch3.19.2.2

VendorProductVersionCPE
avanquestpdfescape3.19.2.2cpe:2.3:a:avanquest:pdfescape:3.19.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avanquest	pdfescape	3.19.2.2	cpe:2.3:a:avanquest:pdfescape:3.19.2.2:::::::*

References

arxiv.org/pdf/2206.02285.pdf

www.pdfescape.com/open/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.1%

JSON

Related for NVD:CVE-2022-30350

prion1 cvelist1 cve1