CVE-2023-5515

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*

History

08 Nov 2023, 19:28

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hitachienergy:esoms::::::::
CWE		NVD-CWE-noinfo
First Time		Hitachienergy Hitachienergy esoms
References	~~(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true -~~	(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

01 Nov 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-01 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-5515

Mitre link : CVE-2023-5515

CVE.ORG link : CVE-2023-5515

JSON object : View

Products Affected

hitachienergy

esoms

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2023-5515", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-11-01T03:15:07.993", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"}, {"lang": "es", "value": "Las respuestas a consultas web con ciertos par\u00e1metros revelan la ruta interna de los recursos. Esta informaci\u00f3n se puede utilizar para conocer la estructura interna de la aplicaci\u00f3n y para planear m\u00e1s ataques contra servidores web y aplicaciones web implementadas."}], "lastModified": "2023-11-08T19:28:26.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289", "versionEndIncluding": "6.3.13"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}