CVE-2020-2077
HIGHSICK Package Analytics <= 04.0.0 - Unauthenticated Sensitive Data Exposure via REST API
Title source: llmDescription
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories
Scores
CVSS v3
7.5
EPSS
0.0101
EPSS Percentile
58.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (1)
sick/package_analytics
< 04.0.0
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026