CVE-2022-50686
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-27

Assigner: VulnCheck

Description
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50686
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kentico xperience to 12.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50686 is an information disclosure vulnerability in Kentico Xperience (up to version 12.0) where detailed error messages from the Portal Engine form control expose sensitive stack trace details. These error messages reveal internal system information and implementation specifics to unauthorized users, potentially aiding attackers in understanding the system's inner workings. [1]

Impact Analysis

This vulnerability can impact you by exposing sensitive internal system information to unauthorized users through detailed error messages. Such information disclosure can help attackers gain insights into the system's architecture and implementation, potentially facilitating further attacks. The vulnerability affects confidentiality but does not impact integrity or availability. [1]

Detection Guidance

This vulnerability can be detected by triggering error messages in the Kentico Xperience Portal Engine form control and observing if detailed stack trace information is disclosed. You can test this by submitting malformed or unexpected input to the form controls and inspecting the HTTP responses for sensitive error details. Specific commands are not provided in the resources, but using tools like curl or a web proxy to send crafted requests and analyze responses can help detect the issue. [1]

Mitigation Strategies

Immediate mitigation steps include applying the hotfix provided by the Kentico Security Team to address the vulnerability. Additionally, configuring the application to suppress detailed error messages in production environments can prevent sensitive information disclosure. [1]

Compliance Impact

The vulnerability exposes sensitive stack trace details and internal system information to unauthorized users, which can lead to information disclosure. Such exposure can negatively impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and prevention of unauthorized information disclosure. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50686. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart