PT-2024-4083 · 12D Solutions · 12D Synergy File Replication Server, 12D Synergy Server

James Cuneo · Published 2024-02-18 · Updated 2025-04-02 · CVE-2024-24722

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

12d Synergy Server versions prior to 4.3.10.192
12d Synergy Server versions prior to 5.1.5.221
12d Synergy Server versions prior to 5.1.6.235
12d Synergy File Replication Server versions prior to 4.3.10.192
12d Synergy File Replication Server versions prior to 5.1.5.221
12d Synergy File Replication Server versions prior to 5.1.6.235

Description

The issue is related to an unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components. This vulnerability may allow an attacker to gain elevated privileges via the service path.

Recommendations

For 12d Synergy Server versions prior to 4.3.10.192, update to version 4.3.10.192 or later.
For 12d Synergy Server versions prior to 5.1.5.221, update to version 5.1.5.221 or later.
For 12d Synergy Server versions prior to 5.1.6.235, update to version 5.1.6.235 or later.
For 12d Synergy File Replication Server versions prior to 4.3.10.192, update to version 4.3.10.192 or later.
For 12d Synergy File Replication Server versions prior to 5.1.5.221, update to version 5.1.5.221 or later.
For 12d Synergy File Replication Server versions prior to 5.1.6.235, update to version 5.1.6.235 or later.
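A host can be audited for the weakness class named in the description (a service registered with an unquoted path that contains whitespace) with the following added example. It is not part of the original advisory or the vendor's tooling; the function name Test-UnquotedServicePath and the sample paths are constructed for illustration, and the advisory does not give the actual 12d Synergy service names or paths.

```powershell
# Added example (not vendor code). Test-UnquotedServicePath is a hypothetical
# helper name. It returns $true when a service's registered command line is
# unquoted AND its executable portion contains whitespace.
function Test-UnquotedServicePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$PathName
    )

    $p = $PathName.Trim()
    # Empty or already-quoted command lines are not affected.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }

    # Isolate the executable portion so spaces that belong to arguments
    # (e.g. "svchost.exe -k netsvcs") do not cause false positives.
    # -match is case-insensitive, so .EXE is handled as well.
    $exe = if ($p -match '^(.+?\.exe)(\s|$)') { $Matches[1] } else { $p }

    return ($exe -match '\s')
}

# Constructed sample values, not taken from a real 12d Synergy installation.
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe -run',    # flagged
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',  # quoted: ok
    'C:\Windows\System32\svchost.exe -k netsvcs'                       # no space: ok
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedServicePath -PathName $s), $s
}

# Live audit of the local machine: list every registered service whose
# path is flagged, with the account it runs as.
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath -PathName $_.PathName) } |
        Select-Object Name, StartName, StartMode, PathName |
        Format-Table -AutoSize -Wrap
}
```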

Related Identifiers

BDU:2024-04532
CVE-2024-24722

Affected Products

12D Synergy File Replication Server
12D Synergy Server