Vulnerabilities > Microchip > Syncserver S350 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-17 | CVE-2020-9033 | Path Traversal vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | 6.4 |
| 2020-02-17 | CVE-2020-9032 | Path Traversal vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | 6.4 |
| 2020-02-17 | CVE-2020-9031 | Path Traversal vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | 6.4 |
| 2020-02-17 | CVE-2020-9030 | Path Traversal vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | 6.4 |
| 2020-02-17 | CVE-2020-9029 | Path Traversal vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | 6.4 |
| 2020-02-17 | CVE-2020-9028 | Cross-site Scripting vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). | 4.3 |
| 2020-02-17 | CVE-2020-9034 | Improper Input Validation vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | 5.0 |