VYPR

SINEC NMS

by SINEC NMS

CVEs (5)

  • CVE-2025-40735HigJul 8, 2025
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

  • CVE-2024-41939HigAug 13, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.

  • CVE-2021-33728HigOct 12, 2021
    risk 0.47cvss 7.2epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker…

  • CVE-2021-33722MedOct 12, 2021
    risk 0.32cvss 4.9epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system.

  • CVE-2023-44315MedOct 10, 2023
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS)…