cbcvebase.

Synametrics Synaman vulnerabilities

6 known vulnerabilities affecting synametrics/synaman.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2015-3140P3HIGHCVSS 8.8PoCv1.0v1.1+13 more2019-11-21
CVE-2015-3140 [HIGH] CWE-352 CVE-2015-3140: Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan befor Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
nvd
CVE-2018-10814P3HIGHCVSS 7.8PoCv4.02018-09-14
CVE-2018-10814 [HIGH] CWE-522 CVE-2018-10814: Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
nvd
CVE-2022-22828P3HIGHCVSS 7.5fixed in 5.02022-01-27
CVE-2022-22828 [HIGH] CWE-639 CVE-2022-22828: An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allo An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
nvd
CVE-2022-26251P3HIGHCVSS 7.2≤ 5.12022-04-06
CVE-2022-26251 [HIGH] CWE-269 CVE-2022-26251: The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to exec The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
nvd
CVE-2018-10763P4MEDIUMCVSS 4.8PoCv4.02018-09-14
CVE-2018-10763 [MEDIUM] CWE-79 CVE-2018-10763: Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1 Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
nvd
CVE-2022-26250P3HIGHCVSS 7.8≤ 5.12022-04-06
CVE-2022-26250 [HIGH] CWE-732 CVE-2022-26250: Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated at Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
nvd
Synametrics Synaman vulnerabilities | cvebase