CVE-2024-23810

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to V2.0 SP1

Description A vulnerability has been identified in the affected application, making it susceptible to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. The issue is related to the lack of protection for the SQL query structure, which can be exploited by a remote attacker to perform unauthorized actions on the server database.

Recommendations For versions prior to V2.0 SP1, update to V2.0 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using user-input data in SQL queries until the issue is resolved.