Sick Package Analytics — known CVE vulnerabilities
Every CVE whose affected-product data names Sick Package Analytics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2020-2076 — CVSS 9.8 (critical): SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with…
CVE-2020-2077 — CVSS 7.5 (high): SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An…
CVE-2025-49184 — CVSS 7.5 (high): A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings…
CVE-2020-2078 — CVSS 6.5 (medium): Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized…
CVE-2025-58587 — CVSS 6.5 (medium): The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making…
CVE-2025-58590 — CVSS 6.5 (medium): It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.
CVE-2025-58591 — CVSS 6.5 (medium): A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application…
CVE-2025-58585 — CVSS 5.3 (medium): Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
CVE-2025-49186 — CVSS 5.3 (medium): The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it…
CVE-2025-58579 — CVSS 5.3 (medium): Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application…
CVE-2025-58584 — CVSS 5.3 (medium): In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various…
CVE-2025-58586 — CVSS 5.3 (medium): For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect…
CVE-2025-9913 — CVSS 4.5 (medium): JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session…
CVE-2025-9914 — CVSS 4.3 (medium): The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain…
CVE-2025-49193 — CVSS 4.2 (medium): The application fails to implement several security headers. These headers help increase the overall security level of the web application…
CVE-2025-58589 — CVSS 2.7 (low): When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as…