Lucene search

[email protected]CVE-2020-23284

HistoryJul 20, 2021 - 8:15 p.m.

CVE-2020-23284

2021-07-2020:15:07

CWE-532

[email protected]

web.nvd.nist.gov

cve-2020-23284

information disclosure

mv's idce application

aspx pages

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

Information disclosure in aspx pages in MV’s IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.

Affected configurations

NVD

Node

mvidceMatch1.0

CPENameOperatorVersion
mv:idcemv idceeq1.0

CPE	Name	Operator	Version
mv:idce	mv idce	eq	1.0

References

github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2020-23284

nvd1 cvelist1 prion1