CVE-2022-45895 Information

Description

Planet eStream before 6.72.10.07 discloses sensitive information related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g. path disclosure).

Reference

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/