HIGH🇬🇧 English

CVE-2022-25311

CVSS 7.3v3.1pub. 2022-03-08upd. 2024-11-21

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Siemens Sinec Network Management System

    APP
    Siemens
    < 1.0.3
  • Siemens Sinema Server

    APP
    Siemens
    14.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2021-39275CRITICAL9.8ten sam produkt

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass u...

CVE-2019-10940CRITICAL9.9ten sam produkt

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session va...

CVE-2023-35796HIGH8.3ten sam produkt

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly s...