Lucene search
HistorySep 16, 2022 - 3:15 a.m.
CVE-2022-36536
component
super flexible software gmbh & co. kg
syncovery 9
linux
privilege escalation
session tokens
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.037
Percentile
91.8%
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.
Affected configurations
Node
syncoverysyncoveryRange8.00–9.48j
linuxlinux_kernelMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| syncovery | syncovery | * | cpe:2.3:a:syncovery:syncovery:*:*:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2022-36536
2022-09-16 03:15:09
packetstorm
packetstorm
Syncovery For Linux Web-GUI Session Token Brute-Forcer
2024-09-01 00:00:00
prion
prion
Design/Logic Flaw
2022-09-16 03:15:00
cvelist
cvelist
CVE-2022-36536
2022-09-16 02:37:07
metasploit
metasploit
Syncovery For Linux Web-GUI Session Token Brute-Forcer
2022-09-07 11:17:22
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-12-16 21:37:26
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.037
Percentile
91.8%
Related for NVD:CVE-2022-36536