exploitDog

CVE-2020-23284

Опубликовано: 20 июл. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.

Ссылки

https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure
Third Party Advisory
https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mv:idce:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00316

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-jq79-7r7x-wcgv

github

больше 3 лет назад

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.

EPSS

Процентиль: 54%

0.00316

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532