You are here

ARC Informatique PcVue (ICSA-20-308-03)

ARC Informatique PcVue (ICSA-20-308-03)

Created: Tuesday, November 3, 2020 - 16:17
Categories:
Cybersecurity

CISA has published an advisory on deserialization of untrusted data, access to critical private variable via public method, and information exposure of sensitive information to an unauthorized actor vulnerabilities in ARC Informatique PcVue. PcVue Versions 8.10 to versions prior to 12.0.17 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, expose sensitive data, and prevent legitimate users from connecting to PcVue services. ARC Informatique recommends upgrading PcVue to v12.0.17. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.