CVE-2024-41906

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*

History

14 Aug 2024, 18:04

Type Values Removed Values Added
First Time Siemens
Siemens sinec Traffic Analyzer
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : 4.8
v2 : unknown
v3 : 6.5
Summary
  • (es) Se ha identificado una vulnerabilidad en SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (Todas las versiones &lt; V2.0). La aplicación afectada no maneja adecuadamente las respuestas HTTP almacenables en caché en el servicio web. Esto podría permitir a un atacante leer y modificar datos almacenados en la memoria caché local.
CPE cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-716317.html - () https://cert-portal.siemens.com/productcert/html/ssa-716317.html - Vendor Advisory

13 Aug 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 08:15

Updated : 2024-08-14 18:04


NVD link : CVE-2024-41906

Mitre link : CVE-2024-41906

CVE.ORG link : CVE-2024-41906


JSON object : View

Products Affected

siemens

  • sinec_traffic_analyzer
CWE
NVD-CWE-Other CWE-524

Use of Cache Containing Sensitive Information