HIGH🇵🇱 Wersja polska

CVE-2025-49199

CVSS 8.8v3.1pub. 2025-06-12upd. 2026-01-26

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sick Field Analytics

    APP
    Sick
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2025-49186MEDIUM5.3ten sam produkt

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a...

CVE-2025-49187MEDIUM5.3ten sam produkt

For failed login attempts, the application returns different error messages depending on whether the login fai...

CVE-2025-49188MEDIUM5.3ten sam produkt

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to infor...

CVE-2025-49185MEDIUM5.5ten sam produkt

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard w...