RPC Response Information Disclosure Vulnerability in Vaadin

RPC Response Information Disclosure Vulnerability in Vaadin

CVE-2023-25500 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

Learn more about our Web Application Penetration Testing UK.