SSLVPN Client – Possible password disclosure

SSLVPN Client – Possible password disclosure

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2021-028	CVE-2022-46893	05/20/2021	medium	v1

Vulnerability details

The user password saved in the SSLVPN client can be retrieved.

Impacted products

Products	Severity	Detail
SSL VPN Client	medium	SSL VPN Cient is impacted

Revisions

Version	Date	Description
v1	01/26/2023	Initial release

SSL VPN Client

CVSS v3.1 Overall Score: 6.4

Analysis	Impacted version
The user password saved in the SSLVPN client can be retrieved.	SSLVPN Client prior to 3.2.0

Workaround solution	Solution
There is no workaround solution.	The 3.2.0 update will fix this vulnerability.

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Local	Low	Low	None	Unchanged	High	None	None

CVSS Base score: 5.5	CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Exploit Code Maturity	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Confirmed

CVSS Temporal score: 4.8	CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Confidentiality Requirement	Integrity Requirement	Availability Requirement
High	High	High

CVSS Environmental score: 6.4	CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data