CVE-2022-4311
First published: Mon Dec 12 2022(Updated: )
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Esri ArcInfo | >=15<=15.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-4311?
CVE-2022-4311 has been classified as a medium severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2022-4311?
To mitigate CVE-2022-4311, upgrade to a version of PcVue that is later than 15.2.2 which addresses this vulnerability.
What versions of PcVue are affected by CVE-2022-4311?
CVE-2022-4311 affects PcVue versions 15 through 15.2.2.
What kind of information is at risk due to CVE-2022-4311?
Due to CVE-2022-4311, connection strings and potentially sensitive credentials could be exposed in log files.
Who can exploit CVE-2022-4311?
CVE-2022-4311 can be exploited by any user who has access to the log files of affected PcVue installations.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/arcinformatique
- canonical/esri arcinfo
- version/esri arcinfo/15
- version/esri arcinfo/15.2.2