Описание
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
EPSS
5.3 Medium
CVSS4
6.3 Medium
CVSS3
CVE ID
Дефекты
Связанные уязвимости
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
Уязвимость веб-интерфейса программного обеспечения для управления сетевой инфраструктурой SINEC INS (Infrastructure Network Services), связанная с ошибкой проверки авторизации пользователя, позволяющая нарушителю получить информацию о списке пользователей службы SFTP и изменить конфигурацию
EPSS
5.3 Medium
CVSS4
6.3 Medium
CVSS3