Sick Field_analytics
12 CVEs affecting Sick Field_analytics. Latest disclosed: 2025-06-12. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49199 | High | 8.8 | 2025-06-12 | The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows… |
| CVE-2025-49184 | High | 7.5 | 2025-06-12 | A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product. |
| CVE-2025-49200 | Medium | 6.5 | 2025-06-12 | The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup fil… |
| CVE-2025-49196 | Medium | 6.5 | 2025-06-12 | A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or s… |
| CVE-2025-49185 | Medium | 5.5 | 2025-06-12 | The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into… |
| CVE-2025-49188 | Medium | 5.3 | 2025-06-12 | The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering. |
| CVE-2025-49187 | Medium | 5.3 | 2025-06-12 | For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existin… |
| CVE-2025-49186 | Medium | 5.3 | 2025-06-12 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute… |
| CVE-2025-49191 | Medium | 4.8 | 2025-06-12 | Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible… |
| CVE-2025-49192 | Medium | 4.3 | 2025-06-12 | The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on s… |
| CVE-2025-49190 | Medium | 4.3 | 2025-06-12 | The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports. |
| CVE-2025-49193 | Medium | 4.2 | 2025-06-12 | The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing… |