CVE-2023-5514 - OpenCVE

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachienergy	Esoms

Configuration 1 [-]

cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2023-11-01T02:40:53.285Z

Updated: 2023-11-01T02:40:53.285Z

Reserved: 2023-10-11T01:30:06.720Z

Link: CVE-2023-5514

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-01T03:15:07.933

Modified: 2023-11-08T19:36:35.017

Link: CVE-2023-5514

JSON object: View

Redhat Information

No data.

CWE

CWE-209

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289", "versionEndIncluding": "6.3.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"}, {"lang": "es", "value": "Se puede abusar de los mensajes de respuesta recibidos de la generaci\u00f3n del informe eSOMS utilizando ciertas consultas de par\u00e1metros con la ruta completa del archivo para enumerar la estructura del sistema de archivos local."}], "id": "CVE-2023-5514", "lastModified": "2023-11-08T19:36:35.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2023-11-01T03:15:07.933", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}