Lucene search
Veracode Vulnerability DatabaseVERACODE:36559HistoryAug 02, 2022 - 6:06 a.m.
Information Disclosure
2022-08-0206:06:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
26.4%
dspace-jspui is vulnerable to information disclosure. The vulnerability exists because the doGet function of InternalErrorServlet.java does not properly sanitize the internal system error exceptions and stack traces, allowing an attacker to gain sensitive information through the exceptions and stack traces logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dspace jsp-ui | le | 6.3 | |
| dspace jsp-ui | le | 4.9 | |
| dspace jsp-ui | le | 5.11 | |
| dspace jsp-ui | le | 6.3 | |
| dspace jsp-ui | le | 4.9 | |
| dspace jsp-ui | le | 5.11 |
Related
nvd
nvd
CVE-2022-31189
2022-08-01 21:15:13
prion
prion
Design/Logic Flaw
2022-08-01 21:15:00
cve
cve
CVE-2022-31189
2022-08-01 21:15:13
osv
osv
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
2022-08-06 05:39:46
CVE-2022-31189
2022-08-01 21:15:13
cvelist
cvelist
github
github