Описание
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0 (исключая)
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00336
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
github
больше 3 лет назад
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights.
EPSS
Процентиль: 56%
0.00336
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-863