CVE-2022-4312
First published: Mon Dec 12 2022(Updated: )
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Esri ArcInfo | >=8.10<=15.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-4312?
CVE-2022-4312 is classified as a medium severity vulnerability.
How do I fix CVE-2022-4312?
To fix CVE-2022-4312, upgrade PcVue to a version later than 15.2.3.
What systems are affected by CVE-2022-4312?
CVE-2022-4312 affects PcVue versions 8.10 through 15.2.3.
What type of vulnerability is CVE-2022-4312?
CVE-2022-4312 is a cleartext storage of sensitive information vulnerability.
What information could be exposed by CVE-2022-4312?
CVE-2022-4312 could expose SMTP account information due to vulnerable configuration file storage.
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/arcinformatique
- canonical/esri arcinfo
- version/esri arcinfo/8.10
- version/esri arcinfo/15.2.3