SINEMA Remote Connect Server Security Vulnerabilities
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code...
9.8CVSS
7.7AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an...
7.8CVSS
8AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged...
6.5CVSS
6.8AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code...
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the...
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade...
4.3CVSS
4.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS)...
6.1CVSS
6.2AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade...
4.3CVSS
4.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown....
5.9CVSS
6.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper....
6.5CVSS
7AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain...
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges ...
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an...
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an...
7.5CVSS
7.7AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited...
5.3CVSS
6.1AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing...
6.1CVSS
5.9AI Score
0.003EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or...
4.3CVSS
4.7AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a....
6.5CVSS
6.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected...
4.3CVSS
4.7AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known...
4.3CVSS
4.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected...
6.5CVSS
6.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can...
4.3CVSS
4.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating wi...
8.8CVSS
8.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the...
8.8CVSS
8.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a...
4.3CVSS
9AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote...
2.7CVSS
8.8AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid....
4.3CVSS
8.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no.....
9.8CVSS
8.9AI Score
0.002EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the...
8.8CVSS
9AI Score
0.001EPSS