CVE-2022-32254

Name of the Vulnerable Software and Affected Versions SINEMA Remote Connect Server versions prior to V3.1

Description A vulnerability has been identified that could expose sensitive user information. This occurs when a customized HTTP POST request forces the application to write the status of a given user to a log file, potentially providing valuable guidance to an attacker.

Recommendations For versions prior to V3.1, update to version V3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation. Avoid using customized HTTP POST requests that could force the application to write sensitive user information to the log file until the issue is resolved.