CVE-2022-42892

Name of the Vulnerable Software and Affected Versions syngo Dynamics versions prior to VA40G HF01

Description A vulnerability has been identified in the syngo Dynamics application server, which hosts a web service using an operation with improper write access control. This could allow directory listing in any folder accessible to the account assigned to the website's application pool.

Recommendations For versions prior to VA40G HF01, update to VA40G HF01 or later to resolve the issue. As a temporary workaround, consider restricting access to the web service operation to minimize the risk of exploitation.