MEDIUM🇬🇧 English

CVE-2022-32260

CVSS 6.5v3.1pub. 2022-06-14upd. 2024-11-21

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
  • Siemens Sinema Remote Connect Server

    APP
    Siemens
    < 3.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2024-39872CRITICAL9.3PL ✓ten sam produkt

Privilege escalation w SINEMA Remote Connect Server przez tymczasowe pliki aktualizacji

CVE-2022-32257CRITICAL9.8PL ✓ten sam produkt

Siemens SINEMA Remote Connect Server — brak kontroli dostępu prowadzący do RCE

CVE-2022-25315CRITICAL9.8ten sam produkt

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25235CRITICAL9.8ten sam produkt

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...

CVE-2022-32260 — MEDIUM 6.5 | CVEbaza.pl