Lucene search
HistoryDec 25, 2022 - 5:15 a.m.
CVE-2022-45895
planet estream
sensitive information disclosure
html source code
default.aspx
whoami endpoint
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
33.2%
Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
Affected configurations
Node
planetestreamplanet_estreamRange<6.72.10.07
| Vendor | Product | Version | CPE |
|---|---|---|---|
| planetestream | planet_estream | * | cpe:2.3:a:planetestream:planet_estream:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2022-45895
2022-12-25 05:15:11
cvelist
cvelist
CVE-2022-45895
2022-12-25 00:00:00
prion
prion
Path traversal
2022-12-25 05:15:00
zdt
zdt
packetstorm
packetstorm
Planet eStream Code Execution / SQL Injection / XSS / Broken Control
2022-12-09 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
33.2%
Related for NVD:CVE-2022-45895