CVSS base score: 7.5
CVE-2020-2077
- EPSS 0.21%
- Published 29.07.2020 14:15:12
- Last modified 21.11.2024 05:24:34
- Source psirt@sick.de
SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.
Data provided by the National Vulnerability Database (NVD)
Sick ≫ Package Analytics Version <= 04.0.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.403 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |

CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.