Vulnerability in SINEC INS Could Allow Continued Malicious Actions After User Disabling
CVE-2024-46892
8.1 HIGH
What is CVE-2024-46892?
A session management flaw has been identified in SINEC INS: the application fails to properly invalidate user sessions when the associated user account is deleted or disabled, or when its permissions are modified. As a result, an authenticated attacker can continue to perform malicious activities even after their account has been rendered inactive. Effective remediation is critical to mitigate the security breaches that could result from this oversight.
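The flaw class described above, shown as an added example that is not SINEC INS code: a session check that trusts state cached at login, beside one that re-validates against the live account on every request. The `SessionStore` class, its method names and the in-memory storage are assumptions made for illustration.

```python
# Added illustration with hypothetical names; not SINEC INS code.
import secrets
from dataclasses import dataclass, field
@dataclass
class Account:
    role: str
    enabled: bool = True
    # Random epoch, replaced on every disable or permission change.
    epoch: str = field(default_factory=lambda: secrets.token_hex(8))

class SessionStore:
    def __init__(self):
        self.accounts = {}  # user name -> Account
        self.sessions = {}  # token -> (user name, role at login, epoch at login)

    def login(self, name):
        acct = self.accounts[name]
        if not acct.enabled:
            raise PermissionError("account disabled")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, acct.role, acct.epoch)
        return token

    def set_role(self, name, role):
        acct = self.accounts[name]
        acct.role, acct.epoch = role, secrets.token_hex(8)

    def disable(self, name):
        acct = self.accounts[name]
        acct.enabled, acct.epoch = False, secrets.token_hex(8)

    def delete(self, name):
        del self.accounts[name]

    def authorize_weak(self, token):
        # Flawed pattern: trusts the role cached at login, never re-checks the account.
        entry = self.sessions.get(token)
        return entry[1] if entry else None

    def authorize(self, token):
        # Hardened: compare the session against live account state on every request.
        entry = self.sessions.get(token)
        if entry is None:
            return None
        name, _, epoch = entry
        acct = self.accounts.get(name)
        if acct is None or not acct.enabled or acct.epoch != epoch:
            self.sessions.pop(token, None)  # revoke the stale session
            return None
        return acct.role
```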
Affected Version(s)
SINEC INS 0