Detailed error messages leads to information disclosure of sensitive information - CVE-2022-26973

Article number: [5633] - Legacy code: [12678]

Applicable to

Summary:

A vulnerability was identified in the Barco Control Room Management Suite web application that leads to information disclosure about the local path of the installation folder in which the Barco Control Room Management Suite web application is installed. The disclosed information is about the directories and file structure of the system. In this case, an unauthenticated remote attacker can reach the files system directory structure, local path information and so on via crafted requests and could be used to create further crafted requests & advanced attacks.

Issue severity:

Medium

Source:

The issue was notified to Barco through Barco’s responsible disclosure program by security researcher Murat Aydemir.

Affected products:

Barco Control Room Management Suite web application all versions before 3.14.1 release.

Fixed software:

The fix is available as part of Barco’s TransForm N 3.14.1 release. It is highly recommended to apply the fixes as part of this package. Further details of the release package are available in the release notes here.

TransForm N (TFN) stands for Barco’s visualization platform, consisting of display wall controller output nodes, input nodes, system and gateway nodes and the Control room Management software Suite (CMS). TransForm N helps control room professionals to collect all possible types of source data as well as organize and transform this source data in the most efficient and transparent way to create visual information on display walls.

Related files

Properties

Last updated Sep 25, 2023