CVE-2022-22703 — Log File Information Exposure in Network Security

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stormshield Network Security

Timeline

PublishedJan 17

Latest updateJan 18

Description

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDstormshield/network_security2.0.0 — 2.1.1+1

🔴Vulnerability Details

GHSA

GHSA-jw2v-66vp-9x24: In Stormshield SSO Agent 2↗2022-01-18

▶

CVEList

CVE-2022-22703: In Stormshield SSO Agent 2↗2022-01-17

▶