exploitDog

CVE-2022-45895

Опубликовано: 25 дек. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).

Ссылки

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/
Exploit
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:planetestream:planet_estream:*:*:*:*:*:*:*:*

Версия до 6.72.10.07 (исключая)

EPSS

Процентиль: 56%

0.00337

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-668

CWE-668

Связанные уязвимости

GHSA-gjgw-rx73-rvp5

CVSS3: 6.5

github

около 3 лет назад

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).

EPSS

Процентиль: 56%

0.00337

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-668

CWE-668