Debug Messages Revealing Unnecessary Information

CVE-2023-4215

Medium

6.5/10

Summary

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1295 - Debug Messages Revealing Unnecessary Information

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

References

Advisory Timeline

Published Oct 17, 2023

Debug Messages Revealing Unnecessary Information

CVE-2023-4215

Summary

CWE-1295 - Debug Messages Revealing Unnecessary Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS