Vulnerabilities > CVE-2020-16240 - Authorization Bypass Through User-Controlled Key vulnerability in GE Asset Performance Management Classic 4.4

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-639

NVD

Published: 2020-09-23

Updated: 2020-10-05

Summary

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.

Vulnerable Configurations

Part	Description	Count
Application	Ge GE Asset Performance Management Classic 4.4	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01