CVE-2022-45124 HIGH

CVE-2022-45124

Vendor Wellintech

Product KingHistorian

Weakness CWE-200 · Info exposure

Published March 20, 2023

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.

Key dates

02Disclosure timeline

March 20, 2023 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-45124 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit