VDB

CISA-2024-46894

CISA-2024-46894 PUBLISHED CVSS 6.3 MEDIUM

Reported by siemens · Published November 12, 2024

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.

Risk Scores

CVSS 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Affected Products

VendorProductVersions
SiemensSINEC INS0
siemenssinec_ins0, 0
SiemensSINEC INS0, 0

Timeline

  • Nov 12, 2024 CVE Published
  • Nov 12, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›