CVE-2022-45167 : Vulnerability Insights and Analysis
CVE-2022-45167 is a security flaw in Archibus Web Central, allowing basic users to access profile information of all connected users. Learn about the impact, exploitation, and mitigation.
An issue was discovered in Archibus Web Central 2022.03.01.107 where a service exposed by the application allows a basic user to access the profile information of all connected users.
Understanding CVE-2022-45167
This CVE identifies a security vulnerability in Archibus Web Central version 2022.03.01.107 that enables basic users to view the profile information of all connected users.
What is CVE-2022-45167?
CVE-2022-45167 is a security flaw found in Archibus Web Central 2022.03.01.107 that permits unauthorized access to user profile data by basic users.
The Impact of CVE-2022-45167
The impact of this vulnerability is rated as medium severity with a CVSS base score of 4.3. It could lead to unauthorized access to sensitive profile information.
Technical Details of CVE-2022-45167
This section delves into the specifics of the vulnerability.
Vulnerability Description
The vulnerability in Archibus Web Central exposes profile information of all connected users to basic level users, potentially compromising user privacy.
Affected Systems and Versions
The affected system is Archibus Web Central version 2022.03.01.107.
Exploitation Mechanism
Basic users can exploit this vulnerability through the exposed service to retrieve sensitive profile data of all connected users.
Mitigation and Prevention
Preventative measures to address CVE-2022-45167.
Immediate Steps to Take
Consider immediate actions to secure user profile data and restrict access to sensitive information.
Long-Term Security Practices
Incorporate stringent user access controls and regular security audits to prevent similar incidents in the future.
Patching and Updates
Ensure timely installation of patches and updates provided by Archibus to address this vulnerability.