CVE-2020-16240
First published: Wed Sep 23 2020(Updated: )
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE Digital APM Classic | ||
| GE Digital APM Classic | <=4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-16240?
CVE-2020-16240 has a medium severity rating due to the potential exposure of sensitive user account data.
How do I fix CVE-2020-16240?
To fix CVE-2020-16240, it is recommended to upgrade to a later version of GE Digital APM Classic beyond version 4.4.
What type of vulnerability is CVE-2020-16240?
CVE-2020-16240 is classified as an insecure direct object reference (IDOR) vulnerability.
Who is affected by CVE-2020-16240?
Users of GE Digital APM Classic versions 4.4 and prior are affected by CVE-2020-16240.
What data can be compromised due to CVE-2020-16240?
CVE-2020-16240 can allow unauthorized users to download sensitive user account data in JSON format.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/references
- agent/severity
- agent/event
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/ge digital
- canonical/ge digital apm classic
- vendor/ge
- version/ge digital apm classic/4.4