Description
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-598
Metadata
- Primary Vendor
- SICK
- Published
- 10/6/2025
- Last Modified
- 1/27/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
sick : baggage_analyticssick : enterprise_analyticssick : logistic_diagnostic_analyticssick : package_analyticssick : tire_analytics
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.