Sick Enterprise Analytics — known CVE vulnerabilities
Every CVE whose affected-product data names Sick Enterprise Analytics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-49184 — CVSS 7.5 (high): A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings…
CVE-2025-58587 — CVSS 6.5 (medium): The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making…
CVE-2025-58580 — CVSS 6.5 (medium): An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker…
CVE-2025-58583 — CVSS 5.3 (medium): The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
CVE-2025-58586 — CVSS 5.3 (medium): For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect…
CVE-2025-58579 — CVSS 5.3 (medium): Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application…
CVE-2025-58582 — CVSS 5.3 (medium): If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and…
CVE-2025-58584 — CVSS 5.3 (medium): In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various…
CVE-2025-58581 — CVSS 4.3 (medium): When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as…
CVE-2025-58578 — CVSS 3.8 (low): A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no…