CVE-2022-21184

Summary

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Bachmann Visutec GmbHAtvise3.5.4affected
Bachmann Visutec GmbHAtvise3.6affected
Bachmann Visutec GmbHAtvise3.7affected

Weaknesses

  • CWE-319: CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References