MEDIUM🇵🇱 Wersja polska

CVE-2020-16240

CVSS 5.3v3.1pub. 2020-09-23upd. 2024-11-21

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Ge Asset Performance Management Classic

    APP
    Ge
    ≤ 4.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
References

Related vulnerabilities

CVE-2020-16244HIGH7.2ten sam produkt

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it ...

CVE-2023-5908CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych

CVE-2022-2848CRITICAL9.1ten sam vendor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2022-2825CRITICAL9.8ten sam vendor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2023-0754CRITICAL9.8ten sam vendor

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to ...