Vulnerability in SINEC INS Could Allow Continued Malicious Actions After User Disabling
CVE-2024-46892
8.1 HIGH
Summary
A session management flaw has been identified in SINEC INS: the application fails to invalidate existing user sessions when the associated user account is deleted or disabled, or when its permissions are modified. Because the session created before the change remains valid, an authenticated attacker can keep performing malicious actions with the old session after the account has been rendered inactive or its rights reduced. Effective remediation is critical to mitigate the security breaches that could result from this oversight.
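The following is an added illustration, not code from the SINEC INS advisory or from Siemens: a minimal session store that reproduces the flaw the summary describes (a session that trusts its login-time snapshot and therefore outlives the account) next to a hardened version that revokes sessions whenever the account is disabled, deleted or re-permissioned and additionally re-validates the live account record on every request. All class names, usernames and permissions are constructed for the example.

```python
"""Added example, not code from the SINEC INS advisory or from Siemens: a minimal
session store showing the flaw the advisory describes (sessions that outlive the
account) next to a hardened version that revokes sessions on account changes and
re-validates the account on every request. Names and data are constructed."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    permissions: frozenset = field(default_factory=frozenset)
    enabled: bool = True
    perm_version: int = 0  # bumped whenever permissions change


@dataclass
class Session:
    username: str
    permissions: frozenset  # snapshot taken at login
    perm_version: int       # account's perm_version at login


class FlawedSessionStore:
    """Trusts the session token alone: account state is only checked at login."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.sessions: dict[str, Session] = {}

    def add_account(self, username: str, permissions: set[str]) -> None:
        self.accounts[username] = Account(username, frozenset(permissions))

    def login(self, username: str) -> str:
        acct = self.accounts[username]
        if not acct.enabled:
            raise PermissionError("account disabled")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(username, acct.permissions, acct.perm_version)
        return token

    # Lifecycle operations change the account record but leave live sessions alone.
    def disable_account(self, username: str) -> None:
        self.accounts[username].enabled = False

    def delete_account(self, username: str) -> None:
        del self.accounts[username]

    def set_permissions(self, username: str, permissions: set[str]) -> None:
        acct = self.accounts[username]
        acct.permissions = frozenset(permissions)
        acct.perm_version += 1

    def authorize(self, token: str, permission: str) -> bool:
        sess = self.sessions.get(token)
        # Flaw: the login-time snapshot is used, so a disabled, deleted or
        # demoted user keeps every right they had when the session was created.
        return sess is not None and permission in sess.permissions


class HardenedSessionStore(FlawedSessionStore):
    """Eager revocation on account changes plus per-request re-validation."""

    def revoke_sessions(self, username: str) -> int:
        stale = [t for t, s in self.sessions.items() if s.username == username]
        for t in stale:
            del self.sessions[t]
        return len(stale)

    def disable_account(self, username: str) -> None:
        super().disable_account(username)
        self.revoke_sessions(username)

    def delete_account(self, username: str) -> None:
        super().delete_account(username)
        self.revoke_sessions(username)

    def set_permissions(self, username: str, permissions: set[str]) -> None:
        super().set_permissions(username, permissions)
        self.revoke_sessions(username)  # force re-login so no stale rights linger

    def authorize(self, token: str, permission: str) -> bool:
        sess = self.sessions.get(token)
        if sess is None:
            return False
        acct = self.accounts.get(sess.username)
        # Re-validate against the live account record: this also covers changes
        # made out of band (e.g. directly in the database) that skipped revoke_sessions.
        if acct is None or not acct.enabled or acct.perm_version != sess.perm_version:
            del self.sessions[token]
            return False
        return permission in acct.permissions


def demo() -> dict:
    """Run the advisory's scenario (disable a logged-in user) against both stores."""
    results = {}
    for name, cls in (("flawed", FlawedSessionStore), ("hardened", HardenedSessionStore)):
        store = cls()
        store.add_account("alice", {"read", "write"})
        token = store.login("alice")
        store.disable_account("alice")
        results[name] = store.authorize(token, "write")  # True only for the flawed store
    return results
```

Calling `demo()` returns `{"flawed": True, "hardened": False}`: the flawed store still honours the pre-disable session, the hardened one does not. The two defences are complementary: eager revocation closes the window immediately, while the per-request check against the live record catches account changes that bypassed the application's own lifecycle code.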
Affected Version(s)
SINEC INS 0
References
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved