Arbitrary Command Execution Vulnerability in SINEC NMS and SINEMA Server

Arbitrary Command Execution Vulnerability in SINEC NMS and SINEMA Server

CVE-2022-24281 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.

Learn more about our Web App Pen Testing.