ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Is Spectrum vulnerable to CWE-209: Information Exposure through an Error Message?
Article ID: 208962
Updated On:
Products
CA Spectrum
Issue/Introduction
Is Spectrum vulnerable to CWE-209: Information Exposure through an Error Message?
Verbose Error Messages
The Spectrum application was configured to display detailed error messages when an application exception was generated. Printing debugging information in the form of a stack trace associated with an error can leak information about the internal structure of the application which could potentially lead to the discovery or classification of additional vulnerabilities
Environment
Release : 20.2.x
Component : SPCOCK - Spectrum OneClick
Resolution
This issue has been fixed internally and should be available in the next Spectrum release that will be GA in the spring of 2021.
Feedback
Yes
No
Powered by
