Описание
Azure IoT Explorer Information Disclosure Vulnerability
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
FAQ
What type of information could be disclosed by this vulnerability?
This vulnerability could allow an attacker with network access to the exposed Azure IoT Explorer API port to view sensitive data that the application makes available without authentication. Depending on how the application is used, this may include file contents from the host system, directory listings, IoT device data or configuration details, and metadata retrieved through server-side request forgery (SSRF), such as Azure Instance Metadata Service (IMDS) information.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure IoT Explorer |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Уязвимость программного обеспечения Azure IoT Explorer, связанная с недостаточным ограничением канала связи для заданных конечных точек, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
7.5 High
CVSS3