A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HSiemens Sinec Network Management System
APPSiemens< 1.0.3Siemens Sinema Server
APPSiemens14.0
Powiązane podatności
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass u...
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session va...
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly s...