Lucene search

[email protected]CVE-2022-36534

HistorySep 16, 2022 - 3:15 a.m.

CVE-2022-36534

2022-09-1603:15:09

[email protected]

web.nvd.nist.gov

cve-2022-36534

super flexible software

syncovery

linux

rce

job_executebefore

job_executeafter

post_profilesettings.php

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.288 Low

EPSS

Percentile

96.9%

JSON

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php.

Affected configurations

NVD

Node

syncoverysyncoveryRange8.00–9.48j

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
syncovery:syncoverysyncoverylt9.48j

CPE	Name	Operator	Version
syncovery:syncovery	syncovery	lt	9.48j

References

packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html

super.com

syncovery.com

www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.288 Low

EPSS

Percentile

96.9%

JSON

Related for CVE-2022-36534

nvd1 cvelist1 zdt1 packetstorm1 prion1 rapid7blog1