CVE-2021-36717 MEDIUM

CVE-2021-36717: Synerion TimeNet version 9.21 - Directory Traversal

Vendor Synerion
Product TimeNet version
Published September 7, 2021
Last update August 4, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.

Key dates

02Disclosure timeline

September 7, 2021 CVE published
August 4, 2024 Record updated