Is Spectrum vulnerable to CWE-209: Information Exposure through an Error Message?

Article ID: 208962

Products

CA Spectrum

Issue/Introduction

Is Spectrum vulnerable to CWE-209: Information Exposure through an Error Message?

Verbose Error Messages

The Spectrum application was configured to display detailed error messages when an application exception was generated. Printing debugging information in the form of a stack trace associated with an error can leak information about the internal structure of the application, which could potentially lead to the discovery or classification of additional vulnerabilities.
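The following added example (not Broadcom's code or part of the original article) shows what a stack trace in an error response discloses, as a check a defender can run over captured error pages from their own deployment. It assumes Java-style stack frames, which the article does not specify; the function name and both sample bodies are constructed for illustration.

```python
import re

# One Java-style stack frame, e.g. "at com.example.Foo.bar(Foo.java:42)".
# Assumption: the article does not say which trace format the product emits.
FRAME = re.compile(
    r"\bat\s+((?:[\w$]+\.)+)([\w$]+)\.([\w$<>]+)\(([\w$]+\.java):(\d+)\)"
)
# Fully qualified exception or error type, e.g. "java.sql.SQLException".
HEADER = re.compile(r"\b((?:[\w$]+\.)+[\w$]*(?:Exception|Error))\b")


def audit_error_body(body: str) -> dict:
    """Summarise what an error response reveals about application internals."""
    frames = FRAME.findall(body)
    return {
        "leaks_stack_trace": bool(frames),
        # Exception types hint at the failing subsystem (database, parser, ...).
        "exception_types": sorted(set(HEADER.findall(body))),
        # Package names expose internal module layout and third-party libraries.
        "packages": sorted({pkg.rstrip(".") for pkg, *_ in frames}),
        # File names and line numbers pin down the exact code path that failed.
        "source_files": sorted({f"{src}:{line}" for *_, src, line in frames}),
    }


# Constructed sample: a verbose error page of the kind CWE-209 describes.
VERBOSE_BODY = """HTTP Status 500 - Internal Server Error
java.lang.NullPointerException: handle was null
\tat com.example.app.ReportServlet.doGet(ReportServlet.java:88)
\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
Caused by: java.sql.SQLException: connection refused
"""

# Constructed sample: the same failure behind a generic error page.
GENERIC_BODY = "An internal error occurred. Reference ID: 7f3a9c"

if __name__ == "__main__":
    for name, body in (("verbose", VERBOSE_BODY), ("generic", GENERIC_BODY)):
        print(name, audit_error_body(body))
```

A generic page with a reference ID still lets support staff correlate the failure with the full trace in server-side logs, without exposing the trace to the client.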

Environment

Release : 20.2.x

Component : SPCOCK - Spectrum OneClick

Resolution

This issue has been fixed internally, and the fix should be available in the next Spectrum release, which will be GA in the spring of 2021.