CVE-2022-21184 - OpenCVE

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atvise	Atvise

Configuration 1 [-]

OR	cpe:2.3:a:atvise:atvise:3.5.4:::::::*
	cpe:2.3:a:atvise:atvise:3.6:::::::*
	cpe:2.3:a:atvise:atvise:3.7:::::::*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2022-06-17T17:40:12.075656Z

Updated: 2024-09-16T21:58:28.388Z

Reserved: 2022-01-25T00:00:00

Link: CVE-2022-21184

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-17T18:15:08.023

Modified: 2022-06-30T12:52:09.663

Link: CVE-2022-21184

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Atvise", "vendor": "Bachmann Visutec GmbH", "versions": [{"status": "affected", "version": "3.5.4"}, {"status": "affected", "version": "3.6"}, {"status": "affected", "version": "3.7"}]}], "datePublic": "2022-06-15T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-17T17:40:11", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2022-06-15", "ID": "CVE-2022-21184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Atvise", "version": {"version_data": [{"version_affected": "=", "version_value": "3.5.4"}, {"version_affected": "=", "version_value": "3.6"}, {"version_affected": "=", "version_value": "3.7"}]}}]}, "vendor_name": "Bachmann Visutec GmbH"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 5.9, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319: Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:31:59.662Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-21184", "datePublished": "2022-06-17T17:40:12.075656Z", "dateReserved": "2022-01-25T00:00:00", "dateUpdated": "2024-09-16T21:58:28.388Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atvise:atvise:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "302AE105-B697-4A1F-9EDC-9D195EC4B56A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atvise:atvise:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A176674-CA80-4A3D-A3A5-AC276654B31A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atvise:atvise:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "55E8B296-633F-45FE-9D22-D0A1B3E729C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de registro de licencias de Bachmann Visutec GmbH Atvise versiones 3.5.4, 3.6 y 3.7. Una petici\u00f3n HTTP en texto plano puede conllevar a una divulgaci\u00f3n de las credenciales de inicio de sesi\u00f3n. Un atacante puede llevar a cabo un ataque de tipo man-in-the-middle para desencadenar esta vulnerabilidad"}], "id": "CVE-2022-21184", "lastModified": "2022-06-30T12:52:09.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-17T18:15:08.023", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1461"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}