CVE-2022-36534 - OpenCVE

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Syncovery	Syncovery

Configuration 1 [-]

AND

cpe:2.3:a:syncovery:syncovery:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://super.com	Not Applicable
http://syncovery.com	Broken Link
https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-16T00:00:00

Updated: 2022-12-15T00:00:00

Reserved: 2022-07-25T00:00:00

Link: CVE-2022-36534

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-16T03:15:09.593

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-36534

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:syncovery:syncovery:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F9921B5-A86F-4011-A9B1-889E9985B10E", "versionEndExcluding": "9.48j", "versionStartIncluding": "8.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php."}, {"lang": "es", "value": "Se ha detectado que Super Flexible Software GmbH & Co. KG Syncovery 9 para Linux versiones v9.47x y anteriores, contiene m\u00faltiples vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de los par\u00e1metros Job_ExecuteBefore y Job_ExecuteAfter en el archivo post_profilesettings.php"}], "id": "CVE-2022-36534", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-16T03:15:09.593", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://super.com"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://syncovery.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}