PT-2024-8709 · Siemens · Sinec Ins

Published: 2024-11-12 · Updated: 2024-11-12 · CVE-2024-46891

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SINEC INS versions prior to V1.0 SP2 Update 3

Description

A vulnerability has been identified in the affected application where it does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events, exhausting the system's resources and creating a denial of service condition.

Recommendations

For versions prior to V1.0 SP2 Update 3, update to V1.0 SP2 Update 3 or later to resolve the issue. As a temporary workaround, consider implementing restrictions on log file size to prevent excessive resource utilization. Restrict access to the logging mechanism to minimize the risk of exploitation.

Fix

Out of bounds Read

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-10311
CVE-2024-46891

Affected Products

Sinec Ins