CVE-2022-4312

Name of the Vulnerable Software and Affected Versions PcVue versions 8.10 through 15.2.3

Description A cleartext storage of sensitive information issue exists, allowing an unauthorized user with access to the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation could allow an unauthorized user access to the underlying email account and SIM card.

Recommendations For PcVue versions 8.10 through 15.2.3, consider restricting access to the email and SMS accounts configuration files to minimize the risk of exploitation. As a temporary workaround, restrict access to sensitive information stored in cleartext until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.