Описание
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
Ссылки
- Vendor Advisory
- US Government Resource
- Not Applicable
- Vendor Advisory
- Vendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:enterprise_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-598
Связанные уязвимости
CVSS3: 5.3
github
4 месяца назад
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-598