PT-2024-4581 · Unknown · Sinec Traffic Analyzer

Published: 2024-06-11 · Updated: 2024-08-06 · CVE-2024-35210

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to V1.2
Description: A vulnerability has been identified in the web server of SINEC Traffic Analyzer: it does not enforce HSTS (HTTP Strict Transport Security). This could allow an attacker to perform downgrade attacks, exposing confidential information. The vulnerability relates to the transmission of data in plain text, which a remote attacker can exploit to carry out a downgrade attack.
Recommendations: For versions prior to V1.2, consider enforcing HSTS on the web server to prevent downgrade attacks. As a temporary workaround, restrict access to sensitive information until a patch is available.
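
One way to verify the recommendation above, as an added example that is not part of the original advisory or of any vendor code: it evaluates a response's Strict-Transport-Security header against the RFC 6797 processing rules and reports whether a browser would actually enforce it. The function name `audit_hsts`, the one-year minimum and the sample header values in the comments are assumptions made for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # assumption: one year as the minimum acceptable policy lifetime
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # HTTP token characters

def audit_hsts(headers, scheme="https", min_max_age=MIN_MAX_AGE):
    """Return (enforced, findings) for one HTTP response.

    headers: list of (name, value) pairs as received.
    scheme:  how the response was fetched ("https" or "http").
    Simplification: quoted values containing ';' are not supported.
    """
    findings = []
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return False, ["header missing: connections can be downgraded to HTTP"]
    if scheme != "https":
        # RFC 6797 section 8.1: the header is ignored on insecure transport
        return False, ["header sent over plain HTTP is ignored by browsers"]
    if len(values) > 1:
        findings.append("multiple headers: only the first is processed")
    directives = {}
    for part in values[0].split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # directive values may be quoted strings
        if not _TOKEN.match(name) or name in directives:
            # RFC 6797 section 6.1: a non-conforming header is ignored entirely
            return False, findings + ["malformed or duplicated directive: header ignored"]
        directives[name] = value
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        return False, findings + ["max-age missing or not an integer: header ignored"]
    age = int(max_age)
    if age == 0:
        return False, findings + ["max-age=0 tells the browser to drop the HSTS policy"]
    if age < min_max_age:
        findings.append(f"max-age={age} is below {min_max_age} seconds")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains absent: subdomains are not covered")
    return True, findings

# Constructed sample values (not captured from any real device):
#   audit_hsts([("Strict-Transport-Security", "max-age=31536000; includeSubDomains")])
#   audit_hsts([("Content-Type", "text/html")])
```
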

Fix

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2024-05087
CVE-2024-35210

Affected Products

Sinec Traffic Analyzer