cbcvebase.

Arc Informatique Pcvue vulnerabilities

5 known vulnerabilities affecting arc_informatique/pcvue.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-26867P2CRITICALCVSS 9.8≥ unspecified, ≤ 12.0.172020-10-12
CVE-2020-26867 [CRITICAL] CWE-502 CVE-2020-26867: ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untruste ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
nvd
CVE-2020-26869P3HIGHCVSS 7.5≥ unspecified, ≤ 12.0.172020-10-12
CVE-2020-26869 [HIGH] CWE-200 CVE-2020-26869: ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unau ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.
nvd
CVE-2020-26868P3HIGHCVSS 7.5≥ unspecified, ≤ 12.0.172020-10-12
CVE-2020-26868 [HIGH] CWE-767 CVE-2020-26868: ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to t ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.
nvd
CVE-2022-4311P4MEDIUMCVSS 6.5≥ 15, ≤ 15.2.22022-12-12
CVE-2022-4311 [MEDIUM] CWE-532 CVE-2022-4311: An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 throu An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorize
nvd
CVE-2022-4312P4MEDIUMCVSS 5.5≥ 8.10, ≤ 15.2.32022-12-12
CVE-2022-4312 [MEDIUM] CWE-312 CVE-2022-4312: A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15 A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful expl
nvd
Arc Informatique Pcvue vulnerabilities | cvebase