CVE-2022-47554 HIGH

CVE-2022-47554: Exposure of Sensitive Information in Ormazabal products

Vendor Ormazabal
Product ekorCCP
Weakness CWE-200 · Info exposure
Published September 19, 2023
Last update August 3, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.

Key dates

02Disclosure timeline

September 19, 2023 CVE published
August 3, 2024 Record updated