exploitDog

CVE-2020-16240

Опубликовано: 23 сент. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ge:asset_performance_management_classic:*:*:*:*:*:*:*:*

Версия до 4.4 (включая)

EPSS

Процентиль: 37%

0.00159

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-pmpm-gxwf-jp9j

github

больше 3 лет назад

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.

EPSS

Процентиль: 37%

0.00159

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639