CVE-2022-50686
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kentico | xperience | to 12.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50686 is an information disclosure vulnerability in Kentico Xperience (up to version 12.0) where detailed error messages from the Portal Engine form control expose sensitive stack trace details. These error messages reveal internal system information and implementation specifics to unauthorized users, potentially aiding attackers in understanding the system's inner workings. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by exposing sensitive internal system information to unauthorized users through detailed error messages. Such information disclosure can help attackers gain insights into the system's architecture and implementation, potentially facilitating further attacks. The vulnerability affects confidentiality but does not impact integrity or availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by triggering error messages in the Kentico Xperience Portal Engine form control and observing if detailed stack trace information is disclosed. You can test this by submitting malformed or unexpected input to the form controls and inspecting the HTTP responses for sensitive error details. Specific commands are not provided in the resources, but using tools like curl or a web proxy to send crafted requests and analyze responses can help detect the issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the hotfix provided by the Kentico Security Team to address the vulnerability. Additionally, configuring the application to suppress detailed error messages in production environments can prevent sensitive information disclosure. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability exposes sensitive stack trace details and internal system information to unauthorized users, which can lead to information disclosure. Such exposure can negatively impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and prevention of unauthorized information disclosure. [1]