CVE-2022-22703

MEDIUM

Stormshield SSO Agent 2.x < 2.1.1 and 3.x < 3.0.2 - Sensitive Information Exposure in Installer Log File

Title source: llm

Description

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://advisories.stormshield.eu/2022-001

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-532

Status published

Products (1)

stormshield/network_security 2.0.0 - 2.1.1

Published Jan 17, 2022

Tracked Since Feb 18, 2026