Information Exposure

Affecting org.eclipse.kura:target-platform artifact, versions [,4.1.0)

Overview

org.eclipse.kura:target-platform is a Java/OSGi-based container for M2M applications running in service gateways.

Affected versions of this package are vulnerable to Information Exposure. The package exposes the version of the underlying UI web server in its replies. An attacker can use this as a hint to craft attacks specific to that web server.

Remediation

Upgrade org.eclipse.kura:target-platform to version 4.1.0 or higher.

CVSS Score

3.7 (low severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Credit: Matteo Maiero
CVE: CVE-2019-10243
CWE: CWE-200
Snyk ID: SNYK-JAVA-ORGECLIPSEKURA-174150
Disclosed: 09 Apr, 2019
Published: 10 Apr, 2019