N/A

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

不充分的会话过期机制

Siemens SINEC INS 代码问题漏洞

Siemens SINEC INS是德国西门子（Siemens）公司的一款为网络基础设施提供中央服务的软件。 Siemens SINEC INS存在代码问题漏洞，该漏洞源于当相关用户被删除或禁用或其权限被修改时，受影响的应用程序不会正确使会话无效。这可能允许经过身份验证的攻击者在其用户帐户被禁用后继续执行恶意操作。

N/A

N/A