← volver
CVE-2022-42894

CVE-2022-42894

CVSS 7.5 HIGHEPSS 0.6%CWE-918
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 nov 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Siemens · syngo Dynamics

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697