CVE-2024-12057 LOW

CVE-2024-12057: User credentials recorded in log files

Vendor Arcinfo
Product PcVue
Weakness CWE-532 · Sensitive info in logs
Published December 9, 2024
Last update March 21, 2025

CVSS base score

1.8/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Clear

What the vulnerability does

01Description

User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.

Key dates

02Disclosure timeline

December 9, 2024 CVE published
March 21, 2025 Record updated