Security Advisory

CVE-2024-46894

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-12 12:49:45

Last updated 2024-11-12 14:19:46

Assigner siemens

State PUBLISHED

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.

← Browse all CVEs View on cve.org ↗