CVE-2022-22908

EUVD-2022-28042
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
sangforvdi_client
5.4.2.1006
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/NF-Security-Team/CVEs/tree/main/CVE-2022-22908
https://github.com/NF-Security-Team/CVEs/tree/main/CVE-2022-22908