A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2023-12-12T11:27:18.362Z
Updated: 2024-11-25T21:16:41.045Z
Reserved: 2023-11-16T16:30:40.849Z
Link: CVE-2023-48427
Vulnrichment
Updated: 2024-08-02T21:30:35.359Z
NVD
Status : Modified
Published: 2023-12-12T12:15:14.677
Modified: 2024-11-21T08:31:42.077
Link: CVE-2023-48427
Redhat
No data.