Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
GE APM Classic 安全漏洞
Vulnerability Description
GE APM是美国通用电气(GE)公司的一款设备监控系统。该系统可以持续性对设备运行状态和故障进行监视。 APM Classic 4.4版本之前存在安全漏洞,该漏洞源于一个不安全的直接对象引用(IDOR)漏洞允许不应该访问该功能的用户以JavaScript对象符号(JSON)格式下载用户帐户数据。攻击者可利用该漏洞下载与用户帐户相关的敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A