Lucene search
K

A vulnerability in the web interface for managing SINEC INS software, which manages network infrastructure, exists. This vulnerability is related to an incorrect session expiration time, allowing attackers to maintain a session after deleting the account.

🗓️ 26 Nov 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec
🔗 bdu.fstec.ru👁 8 Views

SINEC INS web interface has incorrect session expiration, allowing persistence after account deletion.

Related
Refs
ReporterTitlePublishedViews
Family
Circl
CVE-2024-46892
12 Nov 202413:36
circl
CNNVD
Siemens SINEC INS 代码问题漏洞
12 Nov 202400:00
cnnvd
CNVD
Siemens SINEC INS Session Expires Insufficiently Vulnerable
13 Nov 202400:00
cnvd
CVE
CVE-2024-46892
12 Nov 202412:49
cve
Cvelist
CVE-2024-46892
12 Nov 202412:49
cvelist
EUVD
EUVD-2024-42139
3 Oct 202520:07
euvd
NCSC
Vulnerabilities fixed in Siemens products
12 Nov 202414:19
ncsc
NVD
CVE-2024-46892
12 Nov 202413:15
nvd
Positive Technologies
PT-2024-8718 · Siemens · Sinec Ins
12 Nov 202400:00
ptsecurity
RedhatCVE
CVE-2024-46892
23 May 202506:28
redhatcve
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Nov 2024 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 34.9
CVSS 26.8
EPSS0.00292
8