HIGH🇬🇧 English

CVE-2020-2077

CVSS 7.5v3.1pub. 2020-07-29upd. 2024-11-21

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Sick Package Analytics

    APP
    Sick
    ≤ 04.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-2076CRITICAL9.8ten sam produkt

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass...

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2025-58584MEDIUM5.3ten sam produkt

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URL...

CVE-2025-58579MEDIUM5.3ten sam produkt

Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint...

CVE-2025-58585MEDIUM5.3ten sam produkt

Multiple endpoints with sensitive information do not require authentication, making the application susceptibl...

CVE-2020-2077 — HIGH 7.5 | CVEbaza.pl