Vulnerabilities > Synametrics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2022-26250 | Incorrect Permission Assignment for Critical Resource vulnerability in Synametrics Synaman Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | 7.8 |
| 2022-04-06 | CVE-2022-26251 | Improper Privilege Management vulnerability in Synametrics Synaman The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | 7.2 |
| 2022-01-27 | CVE-2022-22828 | Authorization Bypass Through User-Controlled Key vulnerability in Synametrics Synaman An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | 7.5 |
| 2019-11-21 | CVE-2015-3140 | Cross-Site Request Forgery (CSRF) vulnerability in Synametrics Synaman and Syncrify Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | 8.8 |
| 2018-09-14 | CVE-2018-10814 | Insufficiently Protected Credentials vulnerability in Synametrics Synaman 4.0 Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | 7.8 |
| 2018-09-14 | CVE-2018-10763 | Cross-site Scripting vulnerability in Synametrics Synaman 4.0 Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | 4.8 |