CVE-2023-5516

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true	Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:41

Type	Values Removed	Values Added
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true - Vendor Advisory~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true - Vendor Advisory

08 Nov 2023, 19:40

Type	Values Removed	Values Added
References	~~(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true -~~	(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true - Vendor Advisory
First Time		Hitachienergy Hitachienergy esoms
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:hitachienergy:esoms::::::::

01 Nov 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-01 03:15

Updated : 2024-11-21 08:41

NVD link : CVE-2023-5516

Mitre link : CVE-2023-5516

CVE.ORG link : CVE-2023-5516

JSON object : View

Products Affected

hitachienergy

esoms

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2023-5516", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-11-01T03:15:08.060", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"}, {"lang": "es", "value": "Las solicitudes de aplicaciones web mal construidas y los componentes URI con caracteres especiales desencadenan errores y excepciones no controlados, revelando informaci\u00f3n sobre la tecnolog\u00eda subyacente y otros detalles de informaci\u00f3n confidencial. El sitio web revela involuntariamente informaci\u00f3n confidencial, incluidos detalles t\u00e9cnicos como informaci\u00f3n de la versi\u00f3n, endpoints, servidor backend e IP interna. etc., lo que potencialmente puede exponer una superficie de ataque adicional que contiene otras vulnerabilidades interesantes."}], "lastModified": "2024-11-21T08:41:55.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289", "versionEndIncluding": "6.3.13"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}