MEDIUM🇬🇧 English

CVE-2025-58584

CVSS 5.3v3.1pub. 2025-10-06upd. 2026-01-27

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Sick Baggage Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Enterprise Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Logistic Diagnostic Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Package Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Tire Analytics

    APP
    Sick
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-2076CRITICAL9.8ten sam produkt

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass...

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2020-2077HIGH7.5ten sam produkt

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default pe...

CVE-2025-58579MEDIUM5.3ten sam produkt

Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint...

CVE-2025-58580MEDIUM6.5ten sam produkt

An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient va...