Synametrics: >> Synaman >> 4.0 Security Vulnerabilities
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-04-06
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVSS Score
7.2
EPSS Score
0.021
Published
2022-04-06
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
CVSS Score
7.5
EPSS Score
0.021
Published
2022-01-27
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
CVSS Score
4.8
EPSS Score
0.017
Published
2018-09-14
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
CVSS Score
7.8
EPSS Score
0.014
Published
2018-09-14