CVE-2020-23284 - OpenCVE

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mv	Idce

Configuration 1 [-]

cpe:2.3:a:mv:idce:1.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-20T19:29:07

Updated: 2021-07-20T19:29:07

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-23284

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-20T20:15:07.543

Modified: 2021-07-31T00:53:49.467

Link: CVE-2020-23284

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mv:idce:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "608A77D2-E150-46EF-B290-4EE962144EA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application."}, {"lang": "es", "value": "Una divulgaci\u00f3n de informaci\u00f3n en p\u00e1ginas aspx en la aplicaci\u00f3n IDCE versi\u00f3n v1.0 de MV, permite a un atacante copiar y pegar p\u00e1ginas aspx en el final de la aplicaci\u00f3n URL que se conectan a la base de datos, lo que revela informaci\u00f3n interna y confidencial sin necesidad de iniciar sesi\u00f3n en la aplicaci\u00f3n web"}], "id": "CVE-2020-23284", "lastModified": "2021-07-31T00:53:49.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-20T20:15:07.543", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}