SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSick Package Analytics
APPSick≤ 04.0.0
Related vulnerabilities
A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default pe...
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URL...
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint...
Multiple endpoints with sensitive information do not require authentication, making the application susceptibl...