CVE-2022-42733

Name of the Vulnerable Software and Affected Versions syngo Dynamics versions prior to VA40G HF01

Description A vulnerability has been identified in the syngo Dynamics application server, which hosts a web service using an operation with improper read access control. This could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Recommendations For versions prior to VA40G HF01, update to VA40G HF01 or later to resolve the issue. As a temporary workaround, consider restricting access to the web service or implementing proper read access control to minimize the risk of exploitation.