CVE-2022-22828

High

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared…

mitre·CWE-639·Published 2022-01-27

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

192 chars

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.

NVDen

192 chars

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.

Una referencia de objeto directa no segura para la URL de descarga de archivos en Synametrics SynaMan versiones anteriores a 5.0, permite a un atacante remoto acceder a archivos no compartidos por medio de una cadena de nombre de archivo codificada en base64 modificada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N