CVE-2020-23284

{"id": "CVE-2020-23284", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-07-20T20:15:07.543", "references": [{"url": "https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application."}, {"lang": "es", "value": "Una divulgaci\u00f3n de informaci\u00f3n en p\u00e1ginas aspx en la aplicaci\u00f3n IDCE versi\u00f3n v1.0 de MV, permite a un atacante copiar y pegar p\u00e1ginas aspx en el final de la aplicaci\u00f3n URL que se conectan a la base de datos, lo que revela informaci\u00f3n interna y confidencial sin necesidad de iniciar sesi\u00f3n en la aplicaci\u00f3n web"}], "lastModified": "2024-11-21T05:13:42.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mv:idce:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "608A77D2-E150-46EF-B290-4EE962144EA9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}