A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2022-03-08T00:00:00
Updated: 2023-10-10T10:20:54.455Z
Reserved: 2022-02-17T00:00:00
Link: CVE-2022-25311
JSON object: View
NVD Information
Status : Modified
Published: 2022-03-08T12:15:11.727
Modified: 2023-10-10T11:15:10.477
Link: CVE-2022-25311
JSON object: View
Redhat Information
No data.
CWE