
Arcinformatique Pcvue vulnerabilities

10 known vulnerabilities affecting arcinformatique/pcvue.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 9

Vulnerabilities

CVE-2026-1693 | P3 | HIGH | CVSS 7.5 | ≥ 12.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1693 [HIGH] CWE-477: The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.
nvd
CVE-2022-4311 | P4 | MEDIUM | CVSS 6.5 | ≥ 15, ≤ 15.2.2 | 2022-12-12
CVE-2022-4311 [MEDIUM] CWE-532: An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorize
nvd
CVE-2026-1697 | P4 | MEDIUM | CVSS 6.5 | ≥ 12.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1697 [MEDIUM] CWE-614: The Secure and SameSite attributes are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
nvd
CVE-2026-1698 | P4 | MEDIUM | CVSS 6.1 | ≥ 15.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1698 [MEDIUM] CWE-644: An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback an
nvd
CVE-2026-1695 | P4 | MEDIUM | CVSS 6.1 | ≥ 12.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1695 [MEDIUM] CWE-79: An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id). T
nvd
CVE-2026-1696 | P4 | MEDIUM | CVSS 6.1 | ≥ 12.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1696 [MEDIUM] CWE-79: Some HTTP security headers are not properly set by the web server when sending responses to the client application.
nvd
CVE-2026-1692 | P4 | MEDIUM | CVSS 6.1 | ≥ 12.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1692 [MEDIUM] CWE-1385: A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the follow
nvd
CVE-2022-4312 | P4 | MEDIUM | CVSS 5.5 | ≥ 8.10, ≤ 15.2.3 | 2022-12-12
CVE-2022-4312 [MEDIUM] CWE-312: A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access to the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful expl
nvd
CVE-2022-2569 | P4 | MEDIUM | CVSS 5.5 | fixed in 12.0.27; ≥ 15, ≤ 15.2.2 | 2022-08-24
CVE-2022-2569 [MEDIUM] CWE-312: The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users
nvd
CVE-2026-1694 | P4 | MEDIUM | CVSS 4.3 | ≥ 12.0.0, ≤ 15.2.13; ≥ 16.0.0, < 16.3.4 | 2026-02-26
CVE-2026-1694 [MEDIUM] CWE-201: HTTP headers are added by the default configuration of IIS and ASP.NET, and are not removed at the deployment phase of the web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.
nvd