PT-2022-16581 · Siemens · Sinec Nms+1
Published
2022-03-08
·
Updated
2023-03-14
·
CVE-2022-24281
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SINEC NMS versions prior to V1.0.3
SINEMA Server V14 (all versions)
Description
A security issue allows a privileged authenticated attacker to execute arbitrary commands in the local database. This is achieved by sending specially crafted requests to the webserver of the affected application.
Recommendations
For SINEC NMS versions prior to V1.0.3, update to version V1.0.3 or later.
For SINEMA Server V14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sinec Nms
Sinema Server