PT-2026-33366 · Valtimo · Valtimo
Published 2026-04-16 · Updated 2026-04-17 · CVE-2026-34164
CVSS v3.1: 4.9 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Valtimo versions 13.0.0 through 13.21.0
Description
The InboxHandlingService function handle() in the inbox module logs the full content of every incoming inbox message at the INFO level. These messages may contain sensitive information, such as personally identifiable information (PII), citizen identifiers (BSN), and case details. This data is exposed to individuals with access to application logs or Valtimo users with the admin role via the Admin UI logging module.
Recommendations
Update to version 13.22.0.
Restrict access to application logs.
Adjust the log level for com.ritense.inbox to WARN or higher in the application configuration.
Fix
Insertion into Log File
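Logs written before the upgrade or the log-level change still hold the message bodies. The following added example (not Valtimo code) scans lines from the com.ritense.inbox logger for 9-digit values that pass the BSN elfproef (11-test) and masks them. The line layout, the fully qualified logger name and the sample lines are assumptions constructed for illustration.

```python
import re

# Elfproef weights for a 9-digit BSN: 9..2 for the first eight digits, -1 for the last.
WEIGHTS = (9, 8, 7, 6, 5, 4, 3, 2, -1)
NINE_DIGITS = re.compile(r"(?<!\d)\d{9}(?!\d)")
# Assumed line layout: "<timestamp> <LEVEL> ... <logger> : <message>"
LINE = re.compile(r"^\S+\s+(?P<level>[A-Z]+)\s.*?(?P<logger>[\w.]+)\s+:\s(?P<msg>.*)$")
LOGGER_PREFIX = "com.ritense.inbox"  # logger named in the advisory
# Constructed sample lines; message wording and logger class path are assumptions.
SAMPLE = [
    '2026-04-10T09:15:02.123+02:00  INFO 4242 --- [exec-1] com.ritense.inbox.InboxHandlingService : Received message: {"bsn":"111222333","caseId":"123456789"}',
    '2026-04-10T09:15:02.456+02:00  INFO 4242 --- [exec-1] com.example.OtherService : processed 123456782 rows',
    '2026-04-10T09:15:03.001+02:00  WARN 4242 --- [exec-2] com.ritense.inbox.InboxHandlingService : retrying delivery',
]

def is_bsn(candidate: str) -> bool:
    """True if the string is 9 ASCII digits whose weighted sum is a non-zero multiple of 11."""
    if len(candidate) != 9 or not (candidate.isascii() and candidate.isdigit()):
        return False
    total = sum(w * int(d) for w, d in zip(WEIGHTS, candidate))
    return total != 0 and total % 11 == 0

def redact(message: str):
    """Mask every elfproef-valid 9-digit value; return (masked_message, hit_count)."""
    hits = 0
    def mask(match):
        nonlocal hits
        if is_bsn(match.group()):
            hits += 1
            return "[BSN-REDACTED]"
        return match.group()  # 9 digits that fail the check are left untouched
    masked = NINE_DIGITS.sub(mask, message)
    return masked, hits

def audit(lines):
    """Return (cleaned_lines, findings); each finding is (line_no, level, bsn_count)."""
    cleaned, findings = [], []
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if m and m["logger"].startswith(LOGGER_PREFIX):
            msg, hits = redact(m["msg"])
            if hits:
                findings.append((no, m["level"], hits))
                line = line[: m.start("msg")] + msg
        cleaned.append(line)
    return cleaned, findings

if __name__ == "__main__":
    cleaned, findings = audit(SAMPLE)
    print(findings, *cleaned, sep="\n")
```

The elfproef only narrows candidates; other PII and case details in the same message body are not detected by this check, so flagged lines still need review.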
Weakness Enumeration
Related Identifiers
Affected Products
Valtimo