exploitDog

CVE-2022-42894

Опубликовано: 17 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.

Ссылки

https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697
Vendor Advisory
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:syngo_dynamics_cardiovascular_imaging_and_information_system:*:*:*:*:*:*:*:*

Версия до va40g_hf01 (исключая)

EPSS

Процентиль: 54%

0.00317

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-57pw-m5mj-m29p

CVSS3: 7.5

github

около 3 лет назад

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.

EPSS

Процентиль: 54%

0.00317

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

CWE-918