Cyber Resilience

CVE-2022-30350

HighPublic PoC

Published: 30 March 2023

Published
30 March 2023
Modified
18 February 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0030 53.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-30350 is a high-severity Exposure of Sensitive Information Due to Incompatible Policies (CWE-213) vulnerability in Avanquest Pdfescape. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 46.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does…

more

not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

avanquest
pdfescape
3.19.2.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-213

Marking hardware components with the permitted impact or classification level directly supports consistent policy enforcement, reducing the chance that sensitive data is processed on an incompatible component and thereby exposed.

addresses: CWE-213

Demands documented authority and policy alignment for PII processing, reducing exposure due to incompatible or absent policies.

addresses: CWE-213

Directly enforces purpose compatibility and policy alignment for PII processing, preventing exposure from incompatible policies.

References