Arc Informatique

**Name of the Vulnerable Software and Affected Versions** PcVue versions 15 through 15.2.2 **Description** An issue exists where sensitive information is inserted into log files, potentially allowing users with access to these logs to discover connection strings of data sources configured for the DbConnect, which could include credentials. This could lead to unauthorized access to the underlying data sources. **Recommendations** For PcVue versions 15 through 15.2.2, consider restricting access to log files to minimize the risk of sensitive information disclosure until a patch is available. As a temporary workaround, limit the use of the DbConnect feature to reduce the exposure of credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PcVue versions 8.10 through 15.2.3 **Description** A cleartext storage of sensitive information issue exists, allowing an unauthorized user with access to the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation could allow an unauthorized user access to the underlying email account and SIM card. **Recommendations** For PcVue versions 8.10 through 15.2.3, consider restricting access to the email and SMS accounts configuration files to minimize the risk of exploitation. As a temporary workaround, restrict access to sensitive information stored in cleartext until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.