CVE-2022-22703

MEDIUM

Stormshield Network Security < 2.1.1 - Log Information Exposure

Title source: rule
STIX 2.1

Description

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://advisories.stormshield.eu/2022-001

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 18.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (1)
stormshield/network_security 2.0.0 - 2.1.1
Published Jan 17, 2022
Tracked Since Feb 18, 2026