Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSick Media Server
APPSick< 1.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2025-49194HIGH7.5ten sam produkt
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...
CVE-2025-49183HIGH7.5ten sam produkt
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...
CVE-2025-49181HIGH8.6ten sam produkt
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...
CVE-2025-49195MEDIUM5.3ten sam produkt
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-forc...
CVE-2025-49197MEDIUM6.5ten sam produkt
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to ga...