CVE-2015-3140

Name: CVE-2015-3140
Creator: NVD / NIST
Published: 2019-11-21T22:15:15.38+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 1.29%

Last modified Jun 17, 2026

CVE-2015-3140 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567. EPSS estimates a 1.29% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

1.29%

66.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions	Update
Synametrics	Synaman	1.0	Build786
Synametrics	Synaman	1.1	Build972
Synametrics	Synaman	2.0	Build1185
Synametrics	Synaman	2.1	Build1202
Synametrics	Synaman	2.2	Build1205
Synametrics	Synaman	2.3	Build1259
Synametrics	Synaman	2.4	Build1272
Synametrics	Synaman	2.5	Build1282
Synametrics	Synaman	2.6	Build1328
Synametrics	Synaman	2.7	Build1337
Synametrics	Synaman	3.0	Build1358
Synametrics	Synaman	3.1	Build1380
Synametrics	Synaman	3.2	Build1393
Synametrics	Synaman	3.3	Build1418
Synametrics	Synaman	3.4	Build1434
Synametrics	Syncrify	1.3	Build352
Synametrics	Syncrify	1.4	Build379
Synametrics	Syncrify	2.0	Build413
Synametrics	Syncrify	2.1	Build420
Synametrics	Syncrify	2.2	Build429
Synametrics	Syncrify	2.3	Build443
Synametrics	Syncrify	2.4	Build459
Synametrics	Syncrify	2.5	Build473
Synametrics	Syncrify	2.6	Build510
Synametrics	Syncrify	3.0	Build580
Synametrics	Syncrify	3.1	Build614
Synametrics	Syncrify	3.2	Build629
Synametrics	Syncrify	3.3	Build682
Synametrics	Syncrify	3.4	Build725
Synametrics	Syncrify	3.5	Build778
Synametrics	Syncrify	3.6	Build800
Synametrics	Syncrify	3.7	Build833
Synametrics	Syntail	1.0	Build420
Synametrics	Syntail	1.1	Build429
Synametrics	Syntail	1.2	Build445
Synametrics	Syntail	1.5	Build561

References

http://web.synametrics.com/SynamanVersionHistory.htmMitigation, Release Notes, Vendor Advisory
https://web.synametrics.com/SyncrifyVersionHistory.htmMitigation, Release Notes, Vendor Advisory
https://web.synametrics.com/SyntailVersionHistory.htmMitigation, Release Notes, Vendor Advisory
http://web.synametrics.com/SynamanVersionHistory.htmMitigation, Release Notes, Vendor Advisory
https://web.synametrics.com/SyncrifyVersionHistory.htmMitigation, Release Notes, Vendor Advisory
https://web.synametrics.com/SyntailVersionHistory.htmMitigation, Release Notes, Vendor Advisory

Timeline

Published: Nov 21, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-3140?

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567

How severe is CVE-2015-3140?

CVE-2015-3140 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.29% probability of exploitation in the next 30 days.

How do I fix CVE-2015-3140?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-3140?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST