CVE-2023-5516: Sensitive Information Exposure in Energy Esoms

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 50.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 1

Description

Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive details. The website unintentionally reveals sensitive information, including technical details such as version info, endpoints, backend server, and internal IP, which can potentially expose additional attack surface containing other vulnerabilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: hitachi_energy/esoms 6.0 6.3.13

Vulnerability Details (2)

GHSA: GHSA-prpr-2cpp-jg5f: Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the (2023-11-01)
CVEList: CVE-2023-5516: Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the (2023-11-01)

Vendor Advisories (1)

Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability (2023-03-22)