PT-2022-26648 · Siemens · Syngo Dynamics
Ryan Wincey · Published 2022-11-17 · Updated 2022-11-21 · CVE-2022-42894
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
syngo Dynamics versions prior to VA40G HF01
Description
A Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed by the syngo Dynamics application. It could allow NTLM credentials to be leaked and local services to be enumerated.
Recommendations
For versions prior to VA40G HF01, update to VA40G HF01 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable web service to minimize the risk of exploitation.
Fix
SSRF
Affected Products
Syngo Dynamics