VDB
CISA-2024-46894
CISA-2024-46894
PUBLISHED
CVSS 6.3 MEDIUM
Reported by siemens · Published November 12, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
Risk Scores
CVSS 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINEC INS | 0 |
| siemens | sinec_ins | 0, 0 |
| Siemens | SINEC INS | 0, 0 |
Timeline
- Nov 12, 2024 CVE Published
- Nov 12, 2024 CVE Updated