CVE-2022-4311

Name of the Vulnerable Software and Affected Versions PcVue versions 15 through 15.2.2

Description An issue exists where sensitive information is inserted into log files, potentially allowing users with access to these logs to discover connection strings of data sources configured for the DbConnect, which could include credentials. This could lead to unauthorized access to the underlying data sources.

Recommendations For PcVue versions 15 through 15.2.2, consider restricting access to log files to minimize the risk of sensitive information disclosure until a patch is available. As a temporary workaround, limit the use of the DbConnect feature to reduce the exposure of credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.