A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2024-04-09T08:34:44.145Z
Updated: 2024-09-04T15:03:29.467Z
Reserved: 2024-04-08T09:25:09.982Z
Link: CVE-2024-31978
Vulnrichment
Updated: 2024-08-02T01:59:50.835Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T09:15:26.387
Modified: 2024-04-09T12:48:04.090
Link: CVE-2024-31978
Redhat
No data.