Описание
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0 (исключая)
Одно из
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:4.0:-:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
4 месяца назад
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)
EPSS
Процентиль: 13%
0.00043
Низкий
8.8 High
CVSS3
Дефекты
CWE-89