PT-2024-7956 · Siemens · Sinema Remote Connect Server

Published: 2024-07-09 · Updated: 2024-09-06 · CVE-2024-39871

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SINEMA Remote Connect Server versions prior to V3.2 SP1

Description

The issue is an improper authorization flaw. It allows a remote attacker to gain unauthorized access to participant groups they should not have access to. The vulnerability stems from the lack of proper separation of rights between editing device settings and editing communication relations settings. This could enable an authenticated attacker with device management permissions to access groups they do not belong to.

Recommendations

For versions prior to V3.2 SP1, update to version V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to device management and communication relations settings to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2024-09469
CVE-2024-39871

Affected Products

Sinema Remote Connect Server