PT-2024-8751 · Siemens · Sinema Remote Connect Server

Published: 2024-07-09 · Updated: 2024-08-07 · CVE-2024-39875

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

SINEMA Remote Connect Server versions prior to V3.2 SP1

Description

The issue is related to the incorrect assignment of permissions for a critical resource in the Group Membership Handler component. This can allow a remote attacker to gain unauthorized access to protected information. The affected application allows authenticated, low-privilege users with the "Manage own remote connections" permission to retrieve details about other users and group memberships.

Recommendations

For versions prior to V3.2 SP1, update to version V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting the "Manage own remote connections" permission to minimize the risk of exploitation.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-10355
CVE-2024-39875

Affected Products

Sinema Remote Connect Server