Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
Exploits (3)
exploitdb
WORKING POC
by Marlow Tannhauser · textwebappsphp
https://www.exploit-db.com/exploits/36953
exploitdb
WORKING POC
by Marlow Tannhauser · textwebappsphp
https://www.exploit-db.com/exploits/36950
exploitdb
WORKING POC
by Marlow Tannhauser · textwebappsphp
https://www.exploit-db.com/exploits/36951
References (3)
Core 3
Core References
Mitigation, Release Notes, Vendor Advisory x_refsource_confirm
http://web.synametrics.com/SynamanVersionHistory.htm
Mitigation, Release Notes, Vendor Advisory x_refsource_confirm
https://web.synametrics.com/SyntailVersionHistory.htm
Mitigation, Release Notes, Vendor Advisory x_refsource_confirm
https://web.synametrics.com/SyncrifyVersionHistory.htm
Scores
CVSS v3
8.8
EPSS
0.0032
EPSS Percentile
55.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (17)
synametrics/synaman
1.0 build786 (2 CPE variants)
synametrics/synaman
1.1 build972
synametrics/synaman
2.0 build1185
synametrics/synaman
2.1 build1202
synametrics/synaman
2.2 build1205 (2 CPE variants)
synametrics/synaman
2.3 build1259 (2 CPE variants)
synametrics/synaman
2.4 build1272
synametrics/synaman
2.5 build1282 (15 CPE variants)
synametrics/synaman
2.6 build1328
synametrics/synaman
2.7 build1337 (3 CPE variants)
... and 7 more
Published
Nov 21, 2019
Tracked Since
Feb 18, 2026