CVE-2021-33727Sensitive Information Exposure in Siemens Sinec NMS

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 44.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedOct 12
Latest updateMay 24

Description

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsiemens/sinec_nms< 1.0+1
CVEListV5siemens/sinec_nmsAll versions < V1.0 SP2 Update 1

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-5cj8-hj5v-h9wr: A vulnerability has been identified in SINEC NMS (All versions < V12022-05-24
CVEList
CVE-2021-33727: A vulnerability has been identified in SINEC NMS (All versions < V12021-10-12
CVE-2021-33727 — Sensitive Information Exposure | cvebase