CVE-2023-35796

Name of the Vulnerable Software and Affected Versions SINEMA Server V14 (All versions)

Description A vulnerability has been identified in the SINEMA Server application, where it improperly sanitizes certain SNMP configuration data retrieved from monitored devices. This could allow an attacker with access to a monitored device to perform a stored cross-site scripting (XSS) attack, potentially leading to arbitrary code execution with SYSTEM privileges on the application server.

Recommendations For SINEMA Server V14 (All versions), consider restricting access to monitored devices and SNMP configuration data to minimize the risk of exploitation. As a temporary workaround, disabling the SNMP configuration data retrieval feature may help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.