{"api_version":"1","generated_at":"2026-07-14T18:35:57+00:00","cve":"CVE-2022-4311","urls":{"html":"https://cve.report/CVE-2022-4311","api":"https://cve.report/api/cve/CVE-2022-4311.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-4311","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-4311"},"summary":{"title":"CVE-2022-4311","description":"An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This\ncould allow a user with access to the log files to discover connection strings of data sources configured for the\nDbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users\nunauthorized access to the underlying data sources.","state":"PUBLISHED","assigner":"icscert","published_at":"2022-12-12 18:15:13","updated_at":"2026-07-09 18:32:08"},"problem_types":["CWE-532","CWE-532 CWE-532 Insertion of Sensitive Information into Log File"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ics-cert@hq.dhs.gov","type":"Secondary","score":"4.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6","name":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"],"title":"Security bulletin","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-4311","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4311","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ARC Informatique","product":"PcVue","version":"affected 15 15.2.2 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"ARC Informatique","lang":"en"}],"nvd_cpes":[{"cve_year":"2022","cve_id":"4311","vulnerable":"1","versionEndIncluding":"15.2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"arcinfo","cpe5":"pcvue","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2022","cve_id":"4311","cve":"CVE-2022-4311","epss":"0.003290000","percentile":"0.248690000","score_date":"2026-07-13","updated_at":"2026-07-14 00:13:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T01:34:50.134Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2022-4311","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-04-14T14:51:25.883186Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-04-14T17:59:59.779Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"PcVue","vendor":"ARC Informatique","versions":[{"lessThanOrEqual":"15.2.2","status":"affected","version":"15","versionType":"custom"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"ARC Informatique"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nAn insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This\ncould allow a user with access to the log files to discover connection strings of data sources configured for the\nDbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users\nunauthorized access to the underlying data sources.\n\n"}],"value":"\nAn insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This\ncould allow a user with access to the log files to discover connection strings of data sources configured for the\nDbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users\nunauthorized access to the underlying data sources.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-532","description":"CWE-532 Insertion of Sensitive Information into Log File","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-12-12T17:08:30.847Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"tags":["vendor-advisory"],"url":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1165-security-bulletin-2022-6"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2022-4311","datePublished":"2022-12-12T17:08:30.847Z","dateReserved":"2022-12-06T19:08:45.932Z","dateUpdated":"2025-04-14T17:59:59.779Z","requesterUserId":"4bacbe59-ded0-410b-af09-0c6f387b5ddc","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2022-12-12 18:15:13","lastModifiedDate":"2026-07-09 18:32:08","problem_types":["CWE-532","CWE-532 CWE-532 Insertion of Sensitive Information into Log File"],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-14T14:51:25.883186Z","id":"CVE-2022-4311","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*","versionStartIncluding":"15","versionEndIncluding":"15.2.2","matchCriteriaId":"E9D949F2-C563-4FB4-A39E-D03024E82411"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"4311","Ordinal":"1","Title":"CVE-2022-4311","CVE":"CVE-2022-4311","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"4311","Ordinal":"1","NoteData":"An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This\ncould allow a user with access to the log files to discover connection strings of data sources configured for the\nDbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users\nunauthorized access to the underlying data sources.","Type":"Description","Title":"CVE-2022-4311"}]}}}