Описание
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.8 (исключая)
Одновременно
Одно из
cpe:2.3:o:sick:ftmg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg_firmware:2.8:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg:-:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00882
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
CWE-400
Связанные уязвимости
CVSS3: 4.9
github
почти 4 года назад
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.
EPSS
Процентиль: 75%
0.00882
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
CWE-400