CVE-2023-5516

MEDIUM

HitachiEnergy eSOMs < 6.3.13 - Unauthenticated Sensitive Information Exposure via Malformed WebAPI Requests

Title source: llm

Description

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.

References (1)

Core 1

Core References

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true

Scores

CVSS v3 5.3

EPSS 0.0038

EPSS Percentile 29.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

hitachienergy/esoms < 6.3.13

Published Nov 01, 2023

Tracked Since Feb 18, 2026