CVE-2022-45167
Description
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A service in Archibus Web Central allows basic users to access profile information of all connected users, leading to information disclosure.
Vulnerability
The vulnerability exists in Archibus Web Central version 2022.03.01.107. A service exposed by the application does not properly enforce access controls, allowing a basic user to retrieve profile information of all connected users. [1][2]
Exploitation
An attacker needs an authenticated basic user account and can reach the service over the network. No user interaction is required. A single request to the vulnerable service returns the profile data of other users. [2]
Impact
Successful exploitation results in unauthorized access to profile information (e.g., names, contact details) of all connected users. This is a low confidentiality impact; integrity and availability are not affected. The CVSS score is 4.3. [2]
Mitigation
As of the disclosure date, no patches are available. The vendor was contacted multiple times and acknowledged the issue, but no fix has been released. Organizations should monitor for updates or consider restricting access to the vulnerable service via network controls. [2]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Archibus/Web Central
- Range: =2022.03.01.107
Patches
No patches discovered yet.
References