Primary

Context

SMA Sunny Portal Personal Data Disclosure Vulnerability

Vulnerability

A data disclosure vulnerability has been identified in SMA Sunny Portal versions prior to 15.08.2025. This vulnerability allows a low-privileged, authenticated user to obtain the username of another registered user by entering the user's email address.

Impact

Exploitation of this vulnerability allows for the unauthorized disclosure of personal data, specifically the names and surnames of registered users.

Remediation

The vulnerability has been addressed in Sunny Portal versions 15.08.2025 and later.

Added: Aug 19, 2025, 9:17 AM

Updated: Aug 19, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SMA Sunny Portal Personal Data Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating