An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
The ExonautWeb application in version 21.6 returns detailed, verbose error messages to the user. Such messages can disclose sensitive information about infrastructure, server configuration, system paths, technology stack, or database structure. This information can then be used by an attacker to prepare more precise attacks on the system.
An unauthenticated attacker operating remotely can obtain sensitive technical information about the application and server environment, which may facilitate further attacks leading to violations of system confidentiality, integrity, and availability.
Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to configure the application so that it does not expose detailed error messages to end users — technical errors should be logged exclusively on the server side.
4C Strategies Exonaut version 21.6 (ExonautWeb component)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H4cstrategies Exonaut
APP4Cstrategies21.6
Related vulnerabilities
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an e...
An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.