Security
Headlines
HeadlinesLatestCVEs

Headline

Siemens SINEC NMS

This advisory contains mitigations for Improper Limitation of a Pathname to a Restricted Directory, Improper Authorization, Exposure of Sensitive Information to an Unauthorized Actor, Deserialization of Untrusted Data, and Improper Neutralization of Special Elements used in an SQL Command vulnerabilities in Siemens SINEC NMS network management software.

us-cert

Related news

CVE-2021-38176:

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

us-cert: Latest News

Delta Electronics DTM Soft