CVE-2021-36717
Last modified
CVE-2021-36717 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Synerion | Timenet | 9.21 |
References
- https://www.gov.il/en/departments/faq/cve_advisoriesThird Party Advisory
- https://www.gov.il/en/departments/faq/cve_advisoriesThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-36717?
How severe is CVE-2021-36717?
How do I fix CVE-2021-36717?
Are you affected by CVE-2021-36717?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST