Description
A vulnerability involving the insertion of sensitive information into log files exists in PcVue versions 15 through 15.2.2. A user with access to the log files could discover the connection strings of data sources configured for DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.
References (1)
Core References
Permissions Required, Vendor Advisory vendor-advisory
https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6
Scores
CVSS v3: 4.7
EPSS: 0.0036
EPSS Percentile: 58.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-532
Status: published
Products (1)
arcinformatique/pcvue: 15 - 15.2.2
Published: Dec 12, 2022
Tracked Since: Feb 18, 2026