CVE-2024-39874

Name of the Vulnerable Software and Affected Versions SINEMA Remote Connect Server versions prior to V3.2 SP1

Description A vulnerability has been identified in the Client Communication component of the SINEMA Remote Connect Server, where it does not properly implement brute force protection against user credentials. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. The issue is related to insufficient limitation of authentication attempts, which can be exploited by a remote attacker to obtain encrypted user credentials.

Recommendations For versions prior to V3.2 SP1, update to V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication attempt limits or monitoring for brute force attacks to minimize the risk of exploitation. Restrict access to the Client Communication component to prevent unauthorized access until the update is applied.