PT-2019-13476 · Siemens · Sinema Remote Connect Server

Published: 2019-09-13 · Updated: 2019-10-09 · CVE-2019-13920

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V2.0 SP1

Description: A security issue has been identified in the web application, where some parts are not protected against Cross-Site Request Forgery (CSRF) attacks. This could be exploited by an attacker who can trigger requests of a logged-in user to the application, potentially allowing them to switch the connectivity state of a user or a device. At the time of publication, no public exploitation of this issue was known.

Recommendations: For versions prior to V2.0 SP1, update to V2.0 SP1 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect against CSRF attacks, such as validating requests and ensuring that sensitive actions require explicit user confirmation.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2019-13920

Affected Products

Sinema Remote Connect Server