Authentication Bypass in Siemens XHQ Server
CVE-2017-6866

6.5MEDIUM

Key Information:

Vendor

Siemens
Status
Xhq 4 (all Versions Before V4.7.1.3), Xhq 5 (all Versions Before V5.0.0.2)
Vendor
CVE Published:
7 August 2017

What is CVE-2017-6866?

An issue has been identified in Siemens XHQ Server versions 4 and 5 that permits low-privileged authenticated users to read data beyond their authorized level, compromising the data integrity and confidentiality. This flaw can potentially result in unauthorized access to sensitive information within the XHQ solution, increasing risks for organizations using the impacted software versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XHQ 4 (All before V4.7.1.3), XHQ 5 (All before V5.0.0.2) XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)

References

http://www.securityfocus.com/bid/99247
vdb-entryx_refsource_BID
https://www.siemens.com/cert/pool/cert/siemens_security_a...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.