MEDIUM🇬🇧 English

CVE-2025-49187

CVSS 5.3v3.1pub. 2025-06-12upd. 2026-01-29

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Sick Field Analytics

    APP
    Sick
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-49199HIGH8.8ten sam produkt

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a ...

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2025-49186MEDIUM5.3ten sam produkt

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a...

CVE-2025-49190MEDIUM4.3ten sam produkt

The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server in...

CVE-2025-49188MEDIUM5.3ten sam produkt

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to infor...