CVE-2022-45895

Exploit

EPSS 0.34%
Veröffentlicht 25.12.2022 05:15:11
Zuletzt bearbeitet 14.04.2025 18:15:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Planetestream ≫ Planet Estream Version < 6.72.10.07

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.56

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-45895

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45895

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45895

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-45895