CVE-2023-5516

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*

History

08 Nov 2023, 19:40

Type Values Removed Values Added
References (MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true - (MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true - Vendor Advisory
First Time Hitachienergy
Hitachienergy esoms
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

01 Nov 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-01 03:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-5516

Mitre link : CVE-2023-5516

CVE.ORG link : CVE-2023-5516


JSON object : View

Products Affected

hitachienergy

  • esoms
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor