HIGH🇬🇧 English

CVE-2025-49183

CVSS 7.5v3.1pub. 2025-06-12upd. 2026-01-29

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Sick Media Server

    APP
    Sick
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-49194HIGH7.5ten sam produkt

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...

CVE-2025-49182HIGH7.5ten sam produkt

Files in the source code contain login credentials for the admin user and the property configuration password,...

CVE-2025-49181HIGH8.6ten sam produkt

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...

CVE-2025-49195MEDIUM5.3ten sam produkt

The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-forc...

CVE-2025-49197MEDIUM6.5ten sam produkt

The application uses a weak password hash function, allowing an attacker to crack the weak password hash to ga...