Information Disclosure Flaw in WellinTech KingHistorian Software
CVE-2022-45124

7.5HIGH

Key Information:

Vendor: Wellintech
Status: Kinghistorian
Vendor: CVE Published:; 20 March 2023

Summary

An information disclosure vulnerability has been identified in the User authentication feature of WellinTech KingHistorian 35.01.00.05. This weakness allows an attacker to create specially crafted network packets that can potentially expose sensitive data through sniffing network traffic. Organizations using this version of KingHistorian should evaluate their network security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

KingHistorian 35.01.00.05

References

https://talosintelligence.com/vulnerability_reports/TALOS...

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2023
Vulnerability Reserved
Dec 2, 2022