CVE-2023-5514Information Exposure via Error Message in Energy Esoms

CWE-209Information Exposure via Error Message3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 47.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hitachi Energy EsomsHitachienergy Esoms
Timeline
PublishedNov 1

Description

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5hitachi_energy/esoms6.06.3.13

🔴Vulnerability Details

2
CVEList
CVE-2023-5514: The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the2023-11-01
GHSA
GHSA-4284-q573-745v: The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the2023-11-01
CVE-2023-5514 — Information Exposure via Error Message | cvebase