Vulnerabilities > Synametrics > Synaman > 3.2

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2022-26250 Incorrect Permission Assignment for Critical Resource vulnerability in Synametrics Synaman
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
local
low complexity
synametrics CWE-732
4.6
2022-04-06 CVE-2022-26251 Improper Privilege Management vulnerability in Synametrics Synaman
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
network
low complexity
synametrics CWE-269
critical
9.0
2022-01-27 CVE-2022-22828 Authorization Bypass Through User-Controlled Key vulnerability in Synametrics Synaman
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
network
low complexity
synametrics CWE-639
5.0
2019-11-21 CVE-2015-3140 Cross-Site Request Forgery (CSRF) vulnerability in Synametrics Synaman, Syncrify and Syntail
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
6.8