CVE-2022-4311
MEDIUMPcVue 15-15.2.2 - Sensitive Information Exposure in Log Files
Title source: llmDescription
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.
References (1)
Core 1
Core References
Permissions Required, Vendor Advisory vendor-advisory
https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6
Scores
CVSS v3
4.7
EPSS
0.0033
EPSS Percentile
24.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (1)
arcinformatique/pcvue
15 - 15.2.2
Published
Dec 12, 2022
Tracked Since
Feb 18, 2026