N/A

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

可信数据的反序列化

Siemens Siveillance Video Mobile Server 代码问题漏洞

Siemens Siveillance Video Mobile Server是德国西门子（Siemens）公司的一个视频移动服务器。让您可以随时随地通过智能手机或平板电脑快速、安全且用户友好地访问您的视频管理系统。 Siemens Siveillance Video Mobile Server 存在代码问题漏洞，该漏洞源于受影响应用程序的事件服务器组件在没有充分验证的情况下反序列化数据。这可能允许经过身份验证的远程攻击者在受影响的系统上执行代码。

N/A

N/A