CVE-2021-36717

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 5.4

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.

Ссылки

https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory
https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:synerion:timenet:9.21:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.0025

Низкий

5.4 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-rwww-93cx-4h2h

github

больше 3 лет назад

In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge on where to blindly find any default files and directories on the system. on the "Name" parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.

EPSS

Процентиль: 48%

0.0025

Низкий

5.4 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22