Sick Media_server
10 CVEs affecting Sick Media_server. Latest disclosed: 2025-06-12. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49181 | High | 8.6 | 2025-06-12 | Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTT… |
| CVE-2025-49194 | High | 7.5 | 2025-06-12 | The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic betwe… |
| CVE-2025-49183 | High | 7.5 | 2025-06-12 | All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the poss… |
| CVE-2025-49182 | High | 7.5 | 2025-06-12 | Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the a… |
| CVE-2025-49197 | Medium | 6.5 | 2025-06-12 | The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account. |
| CVE-2025-49195 | Medium | 5.3 | 2025-06-12 | The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the… |
| CVE-2025-49189 | Medium | 5.3 | 2025-06-12 | The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to… |
| CVE-2025-49192 | Medium | 4.3 | 2025-06-12 | The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on s… |
| CVE-2025-49193 | Medium | 4.2 | 2025-06-12 | The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing… |
| CVE-2025-49198 | Low | 3.1 | 2025-06-12 | The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible… |