Описание
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 6.0 (исключая)
Одно из
cpe:2.3:a:siemens:desigo_insight:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp5:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00174
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
CWE-209
Связанные уязвимости
github
больше 3 лет назад
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.
EPSS
Процентиль: 39%
0.00174
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
CWE-209