This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Synametrics | First view | 2019-11-21 |
| Product | Synaman | Last view | 2022-04-06 |
| Version | 2.1 | Type | Application |
| Update | build1202 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:synametrics:synaman | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2022-04-06 | CVE-2022-26251 | The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. |
| 7.8 | 2022-04-06 | CVE-2022-26250 | Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. |
| 7.5 | 2022-01-27 | CVE-2022-22828 | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. |
| 8.8 | 2019-11-21 | CVE-2015-3140 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 25% (1) | CWE-639 | Access Control Bypass Through User-Controlled Key |
| 25% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 25% (1) | CWE-269 | Improper Privilege Management |
