PT-2023-14625 · Archibus · Archibus Web Central
Dominique Righetto
·
Published
2023-01-10
·
Updated
2025-04-09
·
CVE-2022-45167
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Archibus Web Central version 2022.03.01.107
Description
An issue was discovered in the application where a service exposed allows a basic user to access the profile information of all connected users.
Recommendations
For Archibus Web Central version 2022.03.01.107, consider restricting access to the exposed service to prevent basic users from accessing profile information of all connected users. As a temporary workaround, restrict the service's functionality until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Archibus Web Central