CVE-2022-21184
MEDIUMatvise 3.5.4-3.7 - Cleartext Transmission of Sensitive Information via License Registration
Title source: llmDescription
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461
Scores
CVSS v3
5.9
EPSS
0.0043
EPSS Percentile
34.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
CWE-522
Status
published
Products (3)
atvise/atvise
3.5.4
atvise/atvise
3.6
atvise/atvise
3.7
Published
Jun 17, 2022
Tracked Since
Feb 18, 2026