PT-2023-14625 · Archibus · Archibus Web Central

Dominique Righetto

Publicado

2023-01-10

Atualizado

2025-04-09

CVE-2022-45167

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Archibus Web Central version 2022.03.01.107

Description An issue was discovered in the application where a service exposed allows a basic user to access the profile information of all connected users.

Recommendations For Archibus Web Central version 2022.03.01.107, consider restricting access to the exposed service to prevent basic users from accessing profile information of all connected users. As a temporary workaround, restrict the service's functionality until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2022-45167

Produtos afetados

Archibus Web Central

PT-2023-14625 · Archibus · Archibus Web Central

CVE-2022-45167

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6