Main Vulnerability Database Vulnerabilities #VU74444

#VU74444 Information exposure through externally-generated error message in SecureTransport

Published: April 4, 2023

Vulnerability identifier: #VU74444

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-211

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SecureTransport

Software vendor:
Axway

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application while processing an HTTP request with an authorization header that contains invalid characters for base64 formatting. A remote attacker can view a stack trace message.

Remediation

Install updates from vendor's website.

External links

https://docs.axway.com/bundle/st_rn/page/consolidated_release_notes_for_all_2022_updates.html#5.5-20220825

#VU74444 Information exposure through externally-generated error message in SecureTransport

Description

Remediation

External links

Please verify you're human