Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
Published: 2026-03-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability in ixray-1.6-stcop permits an unauthorized actor to access sensitive information that should be protected, representing a data breach scenario typical of information disclosure flaws. This issue maps to the common weakness enumeration CWE‑200 and allows an adversary to read data beyond their privileges, potentially compromising confidentiality.

Affected Systems

The affected product is ixray‑1.6‑stcop from the ixray‑team, with all releases prior to version 1.3 vulnerable. Specifically, any deployment of ixray‑1.6‑stcop before version 1.3 is impacted and should be considered at risk until an upgrade is applied.

Risk and Exploitability

The reported CVSS score of 5.3 indicates moderate severity; no EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires the attacker to have access to the ixray‑1.6‑stcop environment or an exposed endpoint, but no detailed attack vector is provided. Because the flaw discloses sensitive data, it can result in significant privacy or reputational damage if leveraged.

Generated by OpenCVE AI on March 24, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ixray‑1.6‑stcop installation to version 1.3 or later to eliminate the disclosure flaw.
  • If an upgrade is not immediately feasible, restrict network access to the ixray‑1.6‑stcop instance and enforce strict authentication and authorization controls to limit exposure of sensitive data.
  • Continuously monitor application logs for anomalous read operations or unauthorized data access patterns and respond to any detected incidents promptly.

Generated by OpenCVE AI on March 24, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Ixray-team
Ixray-team ixray-1.6-stcop
Vendors & Products Ixray-team
Ixray-team ixray-1.6-stcop

Tue, 24 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
Title Information disclosure in ixray-1.6-stcop
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Ixray-team Ixray-1.6-stcop
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T18:27:50.320Z

Reserved: 2026-03-24T02:52:17.117Z

Link: CVE-2026-4733

cve-icon Vulnrichment

Updated: 2026-03-24T18:27:47.687Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T04:17:25.763

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4733

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:40:24Z

Weaknesses