Sinema Remote Connect Server
CVEs (59)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39868 | 0.00 | — | 0.00 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN… | |||
| CVE-2024-39867 | 0.00 | — | 0.00 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device… | |||
| CVE-2024-39866 | 0.00 | — | 0.00 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files… | |||
| CVE-2024-39571 | 0.00 | — | 0.01 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to… | |||
| CVE-2024-39570 | 0.00 | — | 0.01 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to… | |||
| CVE-2024-39569 | 0.00 | — | 0.01 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an… | |||
| CVE-2024-39568 | 0.00 | — | 0.01 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an… | |||
| CVE-2024-39567 | 0.00 | — | 0.01 | Jul 9, 2024 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an… | |||
| CVE-2022-32257 | 0.00 | — | 0.01 | Mar 12, 2024 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to… | |||
| CVE-2024-22045 | 0.00 | — | 0.00 | Mar 12, 2024 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This… | |||
| CVE-2022-32262 | 0.00 | — | 0.02 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. | |||
| CVE-2022-32261 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. | |||
| CVE-2022-32260 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in… | |||
| CVE-2022-32259 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture… | |||
| CVE-2022-32258 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | |||
| CVE-2022-32256 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | |||
| CVE-2022-32255 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | |||
| CVE-2022-32254 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an… | |||
| CVE-2022-32253 | 0.00 | — | 0.01 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. | |||
| CVE-2022-32252 | 0.00 | — | 0.00 | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to… |
- CVE-2024-39868Jul 9, 2024risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN…
- CVE-2024-39867Jul 9, 2024risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device…
- CVE-2024-39866Jul 9, 2024risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files…
- CVE-2024-39571Jul 9, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to…
- CVE-2024-39570Jul 9, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to…
- CVE-2024-39569Jul 9, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an…
- CVE-2024-39568Jul 9, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an…
- CVE-2024-39567Jul 9, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an…
- CVE-2022-32257Mar 12, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to…
- CVE-2024-22045Mar 12, 2024risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This…
- CVE-2022-32262Jun 14, 2022risk 0.00cvss —epss 0.02
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.
- CVE-2022-32261Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
- CVE-2022-32260Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in…
- CVE-2022-32259Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture…
- CVE-2022-32258Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.
- CVE-2022-32256Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
- CVE-2022-32255Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
- CVE-2022-32254Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an…
- CVE-2022-32253Jun 14, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.
- CVE-2022-32252Jun 14, 2022risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to…
Page 2 of 3