CVE-2023-6839

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wso2:api_manager:3.0.0:::::::*
	cpe:2.3:a:wso2:api_manager:3.1.0:::::::*
	cpe:2.3:a:wso2:api_manager:3.2.0:::::::*
	cpe:2.3:a:wso2:api_manager:4.0.0:::::::*

History

21 Dec 2023, 19:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:wso2:api_manager:4.0.0:::::::* cpe:2.3:a:wso2:api_manager:3.2.0:::::::* cpe:2.3:a:wso2:api_manager:3.1.0:::::::* cpe:2.3:a:wso2:api_manager:3.0.0:::::::*
CWE		CWE-209
References	~~() https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/ -~~	() https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/ - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

15 Dec 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-15 11:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-6839

Mitre link : CVE-2023-6839

CVE.ORG link : CVE-2023-6839

JSON object : View

Products Affected

wso2

api_manager

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2023-6839", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T11:15:48.003", "references": [{"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/", "tags": ["Vendor Advisory"], "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Secondary", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.\n\n"}, {"lang": "es", "value": "Debido a un manejo inadecuado de errores, un recurso de API REST podr\u00eda exponer un error del lado del servidor que contenga un nombre de paquete interno espec\u00edfico de WSO2 en la respuesta HTTP."}], "lastModified": "2023-12-21T19:16:21.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF14774-8935-4FC9-B5C8-9771B3D6EBFD"}, {"criteria": "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1344FB79-0796-445C-A8F3-C03E995925D1"}, {"criteria": "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD"}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E21D7ABF-C328-425D-B914-618C7628220B"}], "operator": "OR"}]}], "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}