Описание
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.
Ссылки
- Broken Link
- Vendor Advisory
- US Government Resource
- Not Applicable
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sick:media_server:-:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00277
Низкий
8.6 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 8.6
github
8 месяцев назад
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.
EPSS
Процентиль: 51%
0.00277
Низкий
8.6 High
CVSS3
Дефекты
CWE-862