CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:ge:asset_performance_management_classic:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:07

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 - Third Party Advisory, US Government Resource

Information

Published : 2020-09-23 14:15

Updated : 2024-11-21 05:07


NVD link : CVE-2020-16240

Mitre link : CVE-2020-16240

CVE.ORG link : CVE-2020-16240


JSON object : View

Products Affected

ge

  • asset_performance_management_classic
CWE
CWE-639

Authorization Bypass Through User-Controlled Key