An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Link | Tags |
---|---|
http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/ | vendor advisory |
http://www.securityfocus.com/bid/99344 | vdb entry third party advisory |