Information Exposure in XHQ Application by Siemens
CVE-2019-19283

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Xhq
Vendor: CVE Published:; 14 December 2020

Summary

A security flaw has been identified in the XHQ application by Siemens, where the web server may unintentionally expose details regarding its architecture. This form of information disclosure could potentially empower attackers by providing them with valuable insights into the server's version and configuration, thereby enabling them to craft more targeted and effective attacks. It is essential for users of XHQ prior to version 6.1 to assess their risk and consider mitigations.

Affected Version(s)

XHQ All Versions < 6.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71269...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2020
Vulnerability Reserved
Nov 26, 2019