Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HSick Media Server
APPSickwszystkie wersje
Related vulnerabilities
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...
Files in the source code contain login credentials for the admin user and the property configuration password,...
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-forc...
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to ga...