PT-2020-15282 · Sick · Sick Package Analytics
Published: 2020-07-29 · Updated: 2020-08-03 · CVE-2020-2077
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SICK Package Analytics software versions prior to V04.0.1
Description
Incorrect default permission settings allow an unauthorized attacker to read sensitive data from the system by querying the REST API directly for known files.
Recommendations
For versions up to and including V04.0.0, update to a version later than V04.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.
Weakness Enumeration
Incorrect Default Permissions
Affected Products
Sick Package Analytics