CVE-2024-12057

Dec. 9, 2024, 7:15 p.m.

None
No Score

Description

User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.

Product(s) Impacted

Product Versions
PcVue Web
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

https://www.pcvue.com/security/#SB2024-6

Tags

CWE-532
87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932
2024-12-09
CVE-2024-12057

Timeline

Published: Dec. 9, 2024, 7:15 p.m.
Last Modified: Dec. 9, 2024, 7:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.