CVE-2021-36717
MEDIUMSynerion TimeNet 9.21 - Path Traversal via Name Parameter
Title source: llmDescription
Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
x_refsource_cert
https://www.gov.il/en/departments/faq/cve_advisories
Scores
CVSS v3
5.4
EPSS
0.0092
EPSS Percentile
55.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-22
Status
published
Products (1)
synerion/timenet
9.21
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026