CVE-2024-39873

Name of the Vulnerable Software and Affected Versions SINEMA Remote Connect Server versions prior to V3.2 SP1

Description The issue is related to insufficient restriction of authentication attempts, allowing a remote attacker to obtain encrypted user credentials. The affected application does not properly implement brute force protection against user credentials in its web API, making user credentials vulnerable to brute force attacks.

Recommendations For versions prior to V3.2 SP1, update to version V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web API to minimize the risk of exploitation. Avoid using weak user credentials in the affected application until the issue is resolved.