← Back

CVE-2024-24722

nvd nist
Published: Feb 19, 2024Modified: Apr 2, 2025

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.

Affected (6)

12dsynergy
2 products
12dsynergy
File Replication Server
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
12dsynergy
12dsynergy
Before 4.3.10.192
12dsynergy
From 5.1.1.58 to 5.1.5.221
12dsynergy
From 5.1.6.210 to 5.1.6.235
12dsynergy
File Replication Server
Before 4.3.10.192
File Replication Server
From 5.1.1.58 to 5.1.5.221
File Replication Server
From 5.1.6.210 to 5.1.6.235

Related CWEs

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (6)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.