CVE-2021-33734: SQL Injection
First published: Tue Oct 12 2021(Updated: )
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEC NMS | <1.0 | |
| Siemens SINEC NMS | =1.0 | |
| Siemens SINEC NMS | =1.0-sp1 | |
| Siemens SINEC NMS | =1.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-33734.
What is the severity of CVE-2021-33734?
CVE-2021-33734 has a severity rating of 7.2 (High).
What software versions are affected by CVE-2021-33734?
All versions of SINEC NMS prior to V1.0 SP2 Update 1 are affected by CVE-2021-33734.
How can an attacker exploit CVE-2021-33734?
A privileged authenticated attacker can exploit CVE-2021-33734 by sending crafted requests to the web server of the affected application to execute arbitrary commands in the local database.
Is there a fix available for CVE-2021-33734?
Yes, updating to version V1.0 SP2 Update 1 of SINEC NMS will resolve CVE-2021-33734.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens sinec nms
- version/siemens sinec nms/1.0
- version/siemens sinec nms/1.0-sp1
- version/siemens sinec nms/1.0-sp2