PT-2021-21321 · Synerion · Synerion Timenet

Published 2021-09-07 · Updated 2021-12-16 · CVE-2021-36717

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Synerion TimeNet version 9.21

Description

The issue allows an attacker to perform a directory traversal attack using a web browser and some knowledge of default files and directories on the system. Through the Name parameter, the attacker can traverse back to the root directory and open the host file, potentially allowing them to view restricted files. This could provide the attacker with more information required to further compromise the system.

Recommendations

For Synerion TimeNet version 9.21, consider restricting access to the Name parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the Name parameter in a way that could allow directory traversal until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
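
While no fixed version is available, web server logs can be reviewed for traversal attempts against the Name parameter. The following is an added example, not code from this advisory or from Synerion: it assumes a common access-log format, and the endpoint path `/app/page`, the file names and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # enough to unwrap double or triple percent-encoding

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(value):
    """Return why a Name value is suspicious, or None for a plain file name."""
    path = fully_decode(value).replace("\\", "/")  # treat both separators alike
    if "\x00" in path:
        return "null byte"
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return "absolute path"
    if ".." in path.split("/"):  # whole '..' segments only, not 'a..b'
        return "parent-directory segment"
    return None

def scan(log_lines, param="name"):
    """Yield (line_number, value, reason) for suspicious Name parameters."""
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        # parse_qsl removes one encoding layer; fully_decode removes the rest
        for key, value in parse_qsl(urlsplit(m.group(1)).query):
            if key.lower() == param:
                reason = traversal_reason(value)
                if reason:
                    yield n, value, reason

# Constructed sample log lines (hypothetical endpoint and file names).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Sep/2021:10:00:01 +0000] "GET /app/page?Name=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Sep/2021:10:00:07 +0000] "GET /app/page?Name=../../../placeholder.txt HTTP/1.1" 200 212',
    '203.0.113.9 - - [07/Sep/2021:10:00:09 +0000] "GET /app/page?Name=..%252f..%252fplaceholder.txt HTTP/1.1" 200 212',
    '203.0.113.9 - - [07/Sep/2021:10:00:11 +0000] "GET /app/page?Name=..%5c..%5cplaceholder.txt HTTP/1.1" 200 212',
    '203.0.113.5 - - [07/Sep/2021:10:00:15 +0000] "GET /app/page?Name=notes..v2.txt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same `traversal_reason` check can be used in a reverse proxy or request filter to reject such values before they reach the application.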

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-36717

Affected Products

Synerion Timenet