Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Siemens SINEC INS 代码问题漏洞
Vulnerability Description
Siemens SINEC INS是德国西门子(Siemens)公司的一款为网络基础设施提供中央服务的软件。 Siemens SINEC INS存在代码问题漏洞,该漏洞源于当相关用户被删除或禁用或其权限被修改时,受影响的应用程序不会正确使会话无效。这可能允许经过身份验证的攻击者在其用户帐户被禁用后继续执行恶意操作。
CVSS Information
N/A
Vulnerability Type
N/A