Client-Side Enforcement of Server-Side Security

CVE-2024-39870

High

7.1/10

Summary

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-602 - Client-Side Enforcement of Server-Side Security

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References

Advisory Timeline

Published Jul 09, 2024

Client-Side Enforcement of Server-Side Security

CVE-2024-39870

Summary

CWE-602 - Client-Side Enforcement of Server-Side Security

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS