CVE-2022-21184
17.06.2022, 18:15
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
Vendor | Product | Version |
---|---|---|
atvise | atvise | 3.5.4 |
atvise | atvise | 3.6 |
atvise | atvise | 3.7 |
Common Weakness Enumeration
- CWE-319 - Cleartext Transmission of Sensitive Information: The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
- CWE-522 - Insufficiently Protected Credentials: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.