Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinec_nms
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-12 | CVE-2021-33728 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33729 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | Sinec_nms | 8.8 | ||
| 2021-10-12 | CVE-2021-33730 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33731 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33732 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33733 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33734 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33735 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33736 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-12-16 | CVE-2021-42550 | In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | Cloud_manager, Service_level_manager, Snap_creator_framework, Logback, Satellite, Sinec_nms | 6.6 |