Sinema Remote Connect Server
CVEs (59)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32251 | | | 0.00 | — | 0.01 | | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and… |
| CVE-2022-27221 | | | 0.00 | — | 0.01 | | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially… |
| CVE-2022-27220 | | | 0.00 | — | 0.01 | | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking,… |
| CVE-2022-27219 | | | 0.00 | — | 0.01 | | Jun 14, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking,… |
| CVE-2022-23102 | | | 0.00 | — | 0.05 | | Feb 9, 2022 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link thereby leading to phishing… |
| CVE-2021-37193 | | | 0.00 | — | 0.00 | | Sep 14, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). |
| CVE-2021-37192 | | | 0.00 | — | 0.00 | | Sep 14, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. |
| CVE-2021-37190 | | | 0.00 | — | 0.00 | | Sep 14, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. |
| CVE-2021-37191 | | | 0.00 | — | 0.00 | | Sep 14, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. |
| CVE-2021-37183 | | | 0.00 | — | 0.00 | | Sep 14, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these… |
| CVE-2021-37177 | | | 0.00 | — | 0.00 | | Sep 14, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. |
| CVE-2021-31338 | | | 0.00 | — | 0.00 | | Aug 19, 2021 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. |
| CVE-2020-25240 | | | 0.00 | — | 0.01 | | Mar 15, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service. |
| CVE-2020-25239 | | | 0.00 | — | 0.01 | | Mar 15, 2021 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker… |
| CVE-2019-13918 | | | 0.00 | — | 0.02 | | Sep 13, 2019 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no… |
| CVE-2019-13919 | | | 0.00 | — | 0.01 | | Sep 13, 2019 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network… |
| CVE-2019-13920 | | | 0.00 | — | 0.00 | | Sep 13, 2019 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to… |
| CVE-2019-13922 | | | 0.00 | — | 0.01 | | Sep 13, 2019 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the… |
| CVE-2019-6570 | | | 0.00 | — | 0.01 | | Apr 17, 2019 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to… |