Lucene search

[email protected]NVD:CVE-2024-41907

HistoryAug 13, 2024 - 8:15 a.m.

CVE-2024-41907

2024-08-1308:15:13

CWE-358

[email protected]

web.nvd.nist.gov

sinec traffic analyzer

http security headers

clickjacking attack

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.

Affected configurations

Nvd

Node

siemenssinec_traffic_analyzerRange<2.0

VendorProductVersionCPE
siemenssinec_traffic_analyzer*cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinec_traffic_analyzer	*	cpe:2.3:a:siemens:sinec_traffic_analyzer::::::::

References

cert-portal.siemens.com/productcert/html/ssa-716317.html

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-41907

cvelist1 vulnrichment1 cve1 ics1