Search
Find a vulnerability
Search criteria
1 vulnerability by synerion
CVE-2021-36717 (GCVE-0-2021-36717)
Vulnerability from cvelistv5 – Published: 2021-09-07 11:36 – Updated: 2024-08-04 01:01
VLAI
Title
Synerion TimeNet version 9.21 - Directory Traversal
Summary
Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
Severity
5.4 (Medium)
CWE
- Directory Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | third-party-advisoryx_refsource_CERT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synerion | TimeNet version |
Affected:
TimeNet 9.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "INCD CVE Advisories",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TimeNet version",
"vendor": "Synerion",
"versions": [
{
"status": "affected",
"version": "TimeNet 9.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \"Name\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T10:42:22.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"name": "INCD CVE Advisories",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to TimeNet version 10.2.1"
}
],
"source": {
"advisory": "ILVN-2021-0002",
"defect": [
"ILVN-2021-0002"
],
"discovery": "EXTERNAL"
},
"title": "Synerion TimeNet version 9.21 - Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"ID": "CVE-2021-36717",
"STATE": "PUBLIC",
"TITLE": "Synerion TimeNet version 9.21 - Directory Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TimeNet version",
"version": {
"version_data": [
{
"version_name": "TimeNet",
"version_value": "9.21"
}
]
}
}
]
},
"vendor_name": "Synerion"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \"Name\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "INCD CVE Advisories",
"refsource": "CERT",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to TimeNet version 10.2.1"
}
],
"source": {
"advisory": "ILVN-2021-0002",
"defect": [
"ILVN-2021-0002"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2021-36717",
"datePublished": "2021-09-07T11:36:33.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:59.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}