Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Information Exposure
Vulnerability Title
Siemens SINEC INS Security Vulnerability
Vulnerability Description
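Siemens SINEC INS is software from the German company Siemens that provides central services for network infrastructure. Siemens SINEC INS contains a security vulnerability that stems from the affected application not properly validating a user's authorization to query the /api/sftp/users endpoint. This could allow an authenticated remote attacker to learn the list of configured users of the SFTP service and to modify that configuration.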
CVSS Information
N/A
Vulnerability Type
N/A