Siemens SINEC NMS 2.0 Service Pack 1

CPE Details

Siemens SINEC NMS 2.0 Service Pack 1
2.0
2024-12-27
14h55 +00:00
2024-12-27
14h55 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:siemens:sinec_nms:2.0:sp1:*:*:*:*:*:*

Informations

Vendor

siemens

Product

sinec_nms

Version

2.0

Update

sp1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-47808 2024-11-12 12h49 +00:00 A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system.
8.3
Haute
CVE-2024-41941 2024-08-13 07h54 +00:00 A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.
5.3
Moyen
CVE-2024-41940 2024-08-13 07h54 +00:00 A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
9.4
Critique
CVE-2024-41939 2024-08-13 07h54 +00:00 A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.
8.7
Haute
CVE-2024-41938 2024-08-13 07h54 +00:00 A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.
5.1
Moyen
CVE-2024-36398 2024-08-13 07h54 +00:00 A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.
8.5
Haute
CVE-2021-39275 2021-09-16 12h40 +00:00 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
9.8
Critique
CVE-2021-34798 2021-09-16 12h40 +00:00 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
7.5
Haute