Lucene search
MitreCVE-2022-45895HistoryDec 25, 2022 - 5:15 a.m.
CVE-2022-45895
2022-12-2505:15:11
CWE-668
mitre
web.nvd.nist.gov
28
planet estream
cve-2022-45895
sensitive information disclosure
on cookie
whoami endpoint
html source code
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
33.2%
Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
Affected configurations
Node
planetestreamplanet_estreamRange<6.72.10.07
| Vendor | Product | Version | CPE |
|---|---|---|---|
| planetestream | planet_estream | * | cpe:2.3:a:planetestream:planet_estream:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2022-45895
2022-12-25 05:15:11
cvelist
cvelist
CVE-2022-45895
2022-12-25 00:00:00
prion
prion
Path traversal
2022-12-25 05:15:00
zdt
zdt
packetstorm
packetstorm
Planet eStream Code Execution / SQL Injection / XSS / Broken Control
2022-12-09 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
33.2%
Related for CVE-2022-45895