CVE-2021-25692 : Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Con

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

Published 2021-04-06 20:15:14

Updated 2021-04-19 13:53:23

View at NVD, CVE.org

Products affected by CVE-2021-25692

Teradici » Pcoip Connection Manager And Security Gateway
Versions from including (>=) 21.01 and before (<) 21.01.3
cpe:2.3:a:teradici:pcoip_connection_manager_and_security_gateway:*:*:*:*:*:*:*:*
Matching versions
Teradici » Pcoip Connection Manager And Security Gateway
Versions from including (>=) 20.07 and before (<) 20.07.1
cpe:2.3:a:teradici:pcoip_connection_manager_and_security_gateway:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	0.9	3.6	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Assigned by: nvd@nist.gov (Primary)

https://advisory.teradici.com/security-advisories/77/

Teradici Security Advisories |
Mitigation;Patch;Vendor Advisory

Jump to