Описание
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0 (исключая)
Одно из
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:1.0:sp2:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-285
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.
EPSS
Процентиль: 36%
0.00152
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-285
NVD-CWE-Other