Sick Enterprise_analytics
10 CVEs affecting Sick Enterprise_analytics. Latest disclosed: 2025-10-06. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49184 | High | 7.5 | 2025-06-12 | A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product. |
| CVE-2025-58587 | Medium | 6.5 | 2025-10-06 | The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an… |
| CVE-2025-58580 | Medium | 6.5 | 2025-10-06 | An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can cr… |
| CVE-2025-58586 | Medium | 5.3 | 2025-10-06 | For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existin… |
| CVE-2025-58584 | Medium | 5.3 | 2025-10-06 | In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server… |
| CVE-2025-58583 | Medium | 5.3 | 2025-10-06 | The application provides access to a login protected H2 database for caching purposes. The username is prefilled. |
| CVE-2025-58582 | Medium | 5.3 | 2025-10-06 | If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to sen… |
| CVE-2025-58579 | Medium | 5.3 | 2025-10-06 | Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enum… |
| CVE-2025-58581 | Medium | 4.3 | 2025-10-06 | When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal infor… |
| CVE-2025-58578 | Low | 3.8 | 2025-10-06 | A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, check… |