
14 matches found

NVD
added 2023/10/10 11:15 a.m., 22 views

CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...

CVSS 9 | AI score 8.2 | EPSS 0.00594
Exploits: 0 | References: 1

Prion
added 2023/10/10 11:15 a.m., 22 views

Cross site scripting

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...

CVSS 6 | AI score 8.5 | EPSS 0.00594
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/10/10 10:21 a.m., 28 views

CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...

CVSS 8.3 | AI score 8.7 | EPSS 0.00594
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/10 10:21 a.m., 14 views

CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...

CVSS 8.3 | AI score 6.7 | EPSS 0.00594
Exploits: 0 | References: 1

CVE
added 2023/10/10 10:21 a.m., 68 views

CVE-2023-35796

Siemens SINEMA Server V14 (all versions) is affected by a vulnerability where SNMP configuration data is not properly sanitized, enabling a stored cross-site scripting (XSS) attack that can lead to arbitrary code execution with SYSTEM privileges on the application server. The issue arises from th...

CVSS 9 | AI score 8.5 | EPSS 0.00594
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2022/03/08 12:15 p.m., 30 views

CVE-2022-24282

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows the upload of JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...

CVSS 7.2 | EPSS 0.01344
Exploits: 0 | References: 1

NVD
added 2022/03/08 12:15 p.m., 38 views

CVE-2022-24281

A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...

CVSS 7.2 | EPSS 0.03354
Exploits: 0 | References: 1

Prion
added 2022/03/08 12:15 p.m., 19 views

Privilege escalation

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...

CVSS 6.5 | AI score 6.8 | EPSS 0.00506
Exploits: 0 | References: 1 | Affected Software: 2

Positive Technologies
added 2022/03/08 12:0 a.m., 4 views

PT-2022-16582 · Siemens · Sinema Server +1

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions 1.0.3 and later, prior to 2.0; SINEC NMS versions prior to 1.0.3; SINEMA Server V14 all versions. Description: A security issue has been found that allows the upload of JSON objects which are then deserialized into Java object...

CVSS 7.2 | AI score 7.3 | EPSS 0.01344
Exploits: 0 | References: 2

Cvelist
added 2022/03/08 12:0 a.m., 35 views

CVE-2022-24282

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows the upload of JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...

CVSS 7.2 | AI score 7.3 | EPSS 0.01344
Exploits: 0 | References: 1

CVE
added 2022/03/08 12:0 a.m., 102 views

CVE-2022-25311

The CVE-2022-25311 issue is an improper privilege management flaw in Siemens SINEC NMS (versions around 1.0.3 and SINEMA Server V14) where privileges are not correctly checked between users within the same browser session, enabling an authenticated low-privilege user to escalate privileges. Connec...

CVSS 8.8 | AI score 6.7 | EPSS 0.00506
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2022/03/08 12:0 a.m., 114 views

CVE-2022-24281

CVE-2022-24281 affects Siemens SINEC NMS (prior to v1.0.3) and SINEMA Server v14. Root cause is improper neutralization of special elements in SQL commands (SQL Injection). A privileged, authenticated attacker could send crafted requests to the webserver to execute arbitrary commands in the local...

CVSS 7.2 | AI score 6.9 | EPSS 0.03354
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/03/08 12:0 a.m., 107 views

CVE-2022-24282

CVE-2022-24282 affects Siemens SINEC NMS and SINEMA Server V14. The vulnerability is due to insecure deserialization of user-supplied JSON objects into Java objects, allowing a privileged attacker to execute arbitrary code on the device with root privileges. Affected versions of SINEC NMS include...

CVSS 7.2 | AI score 7.1 | EPSS 0.01344
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/03/08 12:0 a.m., 30 views

CVE-2022-25311

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...

CVSS 7.3 | AI score 7.1 | EPSS 0.00506
Exploits: 0 | References: 1