SICK Incoming Goods Suite Generation of Error Message Containing Sensitive Information Vulnerability
Vulnerability
A vulnerability exists in SICK Incoming Goods Suite that involves the improper generation of error messages. Certain error messages returned by the application expose internal system details, such as file paths, database errors, and software versions, which should not be visible to end users. This exposure provides attackers with valuable reconnaissance information that can be used to map the application's internal structure and discover other, more critical vulnerabilities. The vulnerability affects all versions of SICK Incoming Goods Suite and was introduced in Grafana v11.5.0.
Impact
The vulnerability could expose sensitive internal system details, such as file paths and software versions, to unauthorized users. Attackers could use this information to identify and exploit other vulnerabilities within the application.
Remediation
Users are strongly recommended to upgrade to the latest release of SICK Incoming Goods Suite (version 1.2.1 or higher).
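The following Python sketch is an added example, not code from SICK or from the product. It checks an error response body for the three kinds of detail named above (file paths, database errors, software versions) and shows a handler that keeps those details in a server-side log. The regular expressions, the function names and the sample error text are assumptions constructed for illustration.

```python
import re
import uuid

# Illustrative patterns for the three leak categories the advisory names.
# They are assumptions for this example, not signatures from the product.
LEAK_PATTERNS = {
    "file_path": re.compile(
        r"(?:[A-Za-z]:\\[\w.\\-]+|/(?:usr|var|opt|etc|home|srv|app)/[\w./-]+)"),
    "database_error": re.compile(
        r"(?i)\b(?:SQLSTATE|ORA-\d{5}|pq: |syntax error at or near"
        r"|sqlite3?\.\w*Error)"),
    "software_version": re.compile(
        r"(?i)\b[a-z][\w.-]{1,30}[/ ]v?\d+\.\d+(?:\.\d+)+\b"),
}

# Constructed sample of a verbose error body (not real product output).
VERBOSE_BODY = (
    'pq: relation "deliveries" does not exist at '
    "/opt/app/handlers/receive.py:88 (ExampleServer/3.4.1)"
)


def find_leaks(body: str) -> dict[str, list[str]]:
    """Return leaked fragments per category; an empty dict means clean."""
    hits = {}
    for name, pattern in LEAK_PATTERNS.items():
        found = pattern.findall(body)
        if found:
            hits[name] = found
    return hits


def safe_error_response(exc: Exception, log: list[str]) -> dict:
    """Log full details server-side; give the client an opaque reference."""
    ref = uuid.uuid4().hex
    log.append(f"{ref} {type(exc).__name__}: {exc}")
    return {"status": 500,
            "body": f"An internal error occurred. Reference: {ref}"}


if __name__ == "__main__":
    print("verbose:", find_leaks(VERBOSE_BODY))
    server_log: list[str] = []
    resp = safe_error_response(RuntimeError(VERBOSE_BODY), server_log)
    print("hardened:", find_leaks(resp["body"]), "| logged:", len(server_log))
```

Running `find_leaks` over captured error responses in a regression test gives a repeatable check that responses stay free of these details after an upgrade.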
