CVE-2020-25239
published 2021-03-15CVE-2020-25239: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinema_remote_connect_server | < 3.0 | 3.0 |
| siemens | sinema_remote_connect_server | — | — |