Severity
Medium
Analysis Summary
CVE-2023-5516 CVSS:5.3
Hitachi Energy eSOMS could allow a remote attacker to obtain sensitive information, caused by a flaw in the responses for web queries. By sending a specially crafted constructed webap requests and URI components with special characters, a remote attacker could exploit this vulnerability to obtain sensitive information details.
CVE-2023-5515 CVSS:5.3
Hitachi Energy eSOMS could allow a remote attacker to obtain sensitive information, caused by a flaw in the responses for web queries. By sending a specially crafted request, a remote attacker could exploit this vulnerability to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.
CVE-2023-5514 CVSS:5.3
Hitachi Energy eSOMS could allow a remote attacker to obtain sensitive information. By using certain parameter queries with full file path, a remote attacker could exploit this vulnerability to enumerating the local file system structure.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-5516
- CVE-2023-5515
- CVE-2023-5514
Affected Vendors
Hitachi
Affected Products
- Hitachi Energy eSOMS 6.0
- Hitachi Energy eSOMS 6.3.13
Remediation
Refer to Hitachi Energy Security Advisory for patch, upgrade or suggested workaround information.