MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2025-49193

CVSS 4.2v3.1pub. 2025-06-12upd. 2026-01-26

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Sick Baggage Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Field Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Logistic Diagnostic Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Media Server

    APP
    Sick
    < 1.5
  • Sick Package Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Tire Analytics

    APP
    Sick
    wszystkie wersje
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2020-2076CRITICAL9.8ten sam produkt

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass...

CVE-2025-49183HIGH7.5ten sam produkt

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...

CVE-2025-49181HIGH8.6ten sam produkt

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...

CVE-2025-49182HIGH7.5ten sam produkt

Files in the source code contain login credentials for the admin user and the property configuration password,...

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2025-49193 β€” Sick β€” Baggage Analytics β€” MEDIUM β€” CVSS 4.2 | CVEbaza.pl