PT-2022-27674 · Unknown · Planet Estream

Hrvoje Filakovic · Published 2022-12-25 · Updated 2023-01-04

CVE-2022-45895

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07

Description: Planet eStream discloses sensitive information in two places. Under certain conditions the value of the ON cookie is embedded in the HTML source of "Default.aspx", and the "WhoAmI" endpoint returns data that can disclose server-side paths (path disclosure).

Recommendations: For versions prior to 6.72.10.07, update to version 6.72.10.07 or later. Until the update is applied, restrict access to the "WhoAmI" endpoint and limit the exposure of the ON cookie value in the HTML source of "Default.aspx".
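The following is an added example, not code from the advisory or from Planet eStream: an offline check a tester can run over captured responses to confirm both disclosures, and to re-run after the 6.72.10.07 update or the workaround to confirm they are gone. The advisory names only "the ON cookie" and the "WhoAmI" endpoint, so the cookie name "ON" is an assumption, and the Set-Cookie header, "Default.aspx" body and "WhoAmI" body below are constructed samples, not captures from a real host.

```python
import re
from html import unescape
from http.cookies import SimpleCookie

# Assumption: the advisory only says "the ON cookie", so the cookie name is
# taken to be literally "ON". Adjust if the deployment uses a different name.
COOKIE_NAME = "ON"

# Windows-style absolute paths (drive letter or UNC prefix) followed by a run
# of non-whitespace, non-delimiter characters. ASP.NET path disclosures are
# usually of this form (e.g. a physical application root).
WIN_PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\)[^\s\"'<>|]+")

# Constructed sample responses (not captured from a real Planet eStream host).
SAMPLE_SET_COOKIE = ["ON=a1b2c3d4e5; path=/; HttpOnly"]
SAMPLE_DEFAULT_ASPX = (
    '<html><body>\n'
    '<input type="hidden" id="onToken" value="a1b2c3d4e5">\n'
    '</body></html>'
)
SAMPLE_WHOAMI = "User: DOMAIN\\svc_estream\r\nApp root: C:\\inetpub\\wwwroot\\estream\\"


def cookie_values(set_cookie_headers, name=COOKIE_NAME):
    """Return every value of cookie `name` found in a list of Set-Cookie headers."""
    values = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            values.append(jar[name].value)
    return values


def cookie_leaked_in_html(html, value):
    """True if the cookie value occurs in the page body.

    The body is also checked after HTML-entity decoding so that a copy written
    as character references (e.g. inside an inline script) is not missed.
    """
    if not value:
        return False
    return value in html or value in unescape(html)


def disclosed_paths(body):
    """Return the distinct Windows-style paths found in a response body."""
    return sorted(set(WIN_PATH_RE.findall(body)))


def assess(set_cookie_headers, default_aspx_html, whoami_body):
    """Run both checks and report what was found; empty lists mean clean."""
    leaked = [v for v in cookie_values(set_cookie_headers)
              if cookie_leaked_in_html(default_aspx_html, v)]
    return {
        "on_cookie_in_html": leaked,
        "whoami_paths": disclosed_paths(whoami_body),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SET_COOKIE, SAMPLE_DEFAULT_ASPX, SAMPLE_WHOAMI))
```

Feed `assess()` the Set-Cookie headers from the login response, the body of "Default.aspx" fetched with that session, and the body of the "WhoAmI" endpoint. An HttpOnly flag on the ON cookie does not mitigate the first finding: once the value is copied into the page body, script running in the page can read it from the DOM without touching `document.cookie`, which is why the workaround targets the HTML source rather than the cookie attributes.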


Weakness Enumeration: Exposure of Resource to Wrong Sphere (CWE-668)

Related Identifiers: CVE-2022-45895

Affected Products: Planet Estream