PT-2020-14833 · GE Digital · GE Digital APM Classic
Published: 2020-09-23 · Updated: 2020-10-05 · CVE-2020-16240
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GE Digital APM Classic versions 4.4 and prior
Description
The issue is an insecure direct object reference (IDOR) that lets users without proper privileges download user account data in JSON format. This can lead to the exposure of sensitive data related to user accounts.
Recommendations
For GE Digital APM Classic versions 4.4 and prior, there is currently no information about a newer version that contains a fix for this vulnerability.
IDOR
Affected Products
GE Digital APM Classic