CVE-2020-23284 — HIGH (7.5)

Vulnerability Description

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mv	Idce	1.0

Related Weaknesses (CWE)

CWE-532

References

https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposureThird Party Advisory
https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposureThird Party Advisory

FAQ

What is CVE-2020-23284?

CVE-2020-23284 is a vulnerability with a CVSS score of 7.5 (HIGH). Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals intern...

How severe is CVE-2020-23284?

CVE-2020-23284 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-23284?

Check the references section above for vendor advisories and patch information. Affected products include: Mv Idce.