What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
Explanation of Vulnerability in Simple Terms
eRoom versions 1.5.6 and earlier contain an information disclosure vulnerability accessible over the network without authentication. An attacker can read sensitive data from the application, though the scope extends beyond the vulnerable component itself. No user interaction is required to exploit this flaw.
What an attacker can do
Read sensitive information from the application without logging in.
Potential impact on your site
Confidential data may be exposed to unauthenticated attackers on the internet.
Conditions required to exploit
Network access to the eRoom instance; no authentication required.
Key dates
External resources