CVE-2021-36717

{"id": "CVE-2021-36717", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@cyber.gov.il", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-09-07T12:15:07.620", "references": [{"url": "https://www.gov.il/en/departments/faq/cve_advisories", "tags": ["Third Party Advisory"], "source": "cna@cyber.gov.il"}, {"url": "https://www.gov.il/en/departments/faq/cve_advisories", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \"Name\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system."}, {"lang": "es", "value": "La versi\u00f3n 9.21 de Synerion TimeNet contiene una vulnerabilidad de cruce de directorios en la que, en el par\u00e1metro \"Name\", el atacante puede volver al directorio ra\u00edz y abrir el archivo del host. Esto podr\u00eda dar al atacante la capacidad de ver archivos restringidos, lo que podr\u00eda proporcionar al atacante m\u00e1s informaci\u00f3n necesaria para comprometer a\u00fan m\u00e1s el sistema"}], "lastModified": "2024-11-21T06:13:58.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synerion:timenet:9.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FC5F459-E02A-4E1F-9FA5-E4FD3B367491"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cyber.gov.il"}