CVE-2024-12057

CVSS

No CVSS.

ser credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.

References

Link	Resource
https://www.pcvue.com/security/#SB2024-6

Configurations

No configuration.

History

09 Dec 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-09 19:15

Updated : 2024-12-09 19:15

NVD link : CVE-2024-12057

Mitre link : CVE-2024-12057

CVE.ORG link : CVE-2024-12057

JSON object : View

Products Affected

No product.

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-12057", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 1.8, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-12-09T19:15:12.750", "references": [{"url": "https://www.pcvue.com/security/#SB2024-6", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.\nBy exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application."}, {"lang": "es", "value": "Las credenciales de usuario (nombre de usuario y contrase\u00f1a) se insertan en los archivos de registro cuando un usuario intenta autenticarse utilizando una versi\u00f3n de un cliente web que no es compatible con la del back end web de PcVue. Al explotar esta vulnerabilidad, un atacante podr\u00eda recuperar las credenciales de un usuario accediendo al archivo de registro. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda llevar a un acceso no autorizado a la aplicaci\u00f3n."}], "lastModified": "2024-12-09T19:15:12.750", "sourceIdentifier": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932"}

CVE-2024-12057

JSON object

Attach tags to CVE-2024-12057

Attach tags to `CVE-2024-12057`