Sensitive Information Disclosure in Planet eStream before 6.72.10.07: ON Cookie and WhoAmI Endpoint Vulnerability

Sensitive Information Disclosure in Planet eStream before 6.72.10.07: ON Cookie and WhoAmI Endpoint Vulnerability

CVE-2022-45895 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).

Learn more about our Web Application Penetration Testing UK.