A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.

Уязвимость веб-интерфейса программного обеспечения для управления сетевой инфраструктурой SINEC INS (Infrastructure Network Services), связанная с ошибкой проверки авторизации пользователя, позволяющая нарушителю получить информацию о списке пользователей службы SFTP и изменить конфигурацию