CVE-2026-46749
- EPSS 0.12%
- Veröffentlicht 09.06.2026 08:47:05
- Zuletzt bearbeitet 12.06.2026 15:15:09
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an in...
CVE-2026-46748
- EPSS 0.21%
- Veröffentlicht 09.06.2026 08:46:55
- Zuletzt bearbeitet 12.06.2026 15:33:16
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission ch...
CVE-2026-46747
- EPSS 0.24%
- Veröffentlicht 09.06.2026 08:46:54
- Zuletzt bearbeitet 12.06.2026 15:28:46
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal thr...
CVE-2026-46746
- EPSS 0.45%
- Veröffentlicht 09.06.2026 08:46:53
- Zuletzt bearbeitet 12.06.2026 18:08:28
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory n...
CVE-2024-46894
- EPSS 0.26%
- Veröffentlicht 12.11.2024 13:15:10
- Zuletzt bearbeitet 20.08.2025 19:09:37
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacke...
CVE-2024-46892
- EPSS 0.29%
- Veröffentlicht 12.11.2024 13:15:09
- Zuletzt bearbeitet 13.11.2024 23:13:06
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an...
CVE-2024-46891
- EPSS 0.5%
- Veröffentlicht 12.11.2024 13:15:09
- Zuletzt bearbeitet 20.08.2025 19:11:08
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of...
CVE-2024-46890
- EPSS 0.72%
- Veröffentlicht 12.11.2024 13:15:09
- Zuletzt bearbeitet 13.11.2024 23:12:39
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high priv...
CVE-2024-46889
- EPSS 0.29%
- Veröffentlicht 12.11.2024 13:15:09
- Zuletzt bearbeitet 13.11.2024 23:11:58
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key ma...
CVE-2024-46888
- EPSS 0.88%
- Veröffentlicht 12.11.2024 13:15:08
- Zuletzt bearbeitet 13.11.2024 23:11:24
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to m...