Description
Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/ifmacedo/mconnect/blob/main/sensitiveDataExposure
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
54.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
mv/idce
1.0
Published
Jul 20, 2021
Tracked Since
Feb 18, 2026