CVE-2022-0835Cleartext Storage of Sensitive Information in Memory in System Platform

CWE-316Cleartext Storage of Sensitive Information in MemoryCWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUMNVD
CNA8.1
EPSS
0.0%
top 87.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Aveva System PlatformAveva System Platform
Timeline
PublishedApr 11
Latest updateApr 12

Description

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5aveva/aveva_system_platform2020, 2020 R2S, 5.59 2020 R2 P01+2

🔴Vulnerability Details

2
GHSA
GHSA-h4jv-267r-4gxq: AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user2022-04-12
CVEList
AVEVA System Platform Cleartext Storage of Sensitive Information in Memory2022-04-11
CVE-2022-0835 — Aveva System Platform vulnerability | cvebase