CVE-2021-36717 (GCVE-0-2021-36717)

Vulnerability from cvelistv5 – Published: 2021-09-07 11:36 – Updated: 2024-08-04 01:01
VLAI?
Title
Synerion TimeNet version 9.21 - Directory Traversal
Summary
Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE
  • Directory Traversal
Assigner
References
https://www.gov.il/en/departments/faq/cve_advisories third-party-advisoryx_refsource_CERT
Impacted products
Vendor Product Version
Synerion TimeNet version Affected: TimeNet 9.21
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:01:59.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "INCD CVE Advisories",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TimeNet version",
          "vendor": "Synerion",
          "versions": [
            {
              "status": "affected",
              "version": "TimeNet 9.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \"Name\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-16T10:42:22.000Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "name": "INCD CVE Advisories",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "https://www.gov.il/en/departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to TimeNet version 10.2.1"
        }
      ],
      "source": {
        "advisory": "ILVN-2021-0002",
        "defect": [
          "ILVN-2021-0002"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Synerion TimeNet version 9.21 - Directory Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@cyber.gov.il",
          "ID": "CVE-2021-36717",
          "STATE": "PUBLIC",
          "TITLE": "Synerion TimeNet version 9.21 - Directory Traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TimeNet version",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "TimeNet",
                            "version_value": "9.21"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Synerion"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \"Name\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "INCD CVE Advisories",
              "refsource": "CERT",
              "url": "https://www.gov.il/en/departments/faq/cve_advisories"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to TimeNet version 10.2.1"
          }
        ],
        "source": {
          "advisory": "ILVN-2021-0002",
          "defect": [
            "ILVN-2021-0002"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2021-36717",
    "datePublished": "2021-09-07T11:36:33.000Z",
    "dateReserved": "2021-07-12T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:01:59.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-36717",
      "date": "2026-04-26",
      "epss": "0.0025",
      "percentile": "0.48259"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:synerion:timenet:9.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FC5F459-E02A-4E1F-9FA5-E4FD3B367491\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \\\"Name\\\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.\"}, {\"lang\": \"es\", \"value\": \"La versi\\u00f3n 9.21 de Synerion TimeNet contiene una vulnerabilidad de cruce de directorios en la que, en el par\\u00e1metro \\\"Name\\\", el atacante puede volver al directorio ra\\u00edz y abrir el archivo del host. Esto podr\\u00eda dar al atacante la capacidad de ver archivos restringidos, lo que podr\\u00eda proporcionar al atacante m\\u00e1s informaci\\u00f3n necesaria para comprometer a\\u00fan m\\u00e1s el sistema\"}]",
      "id": "CVE-2021-36717",
      "lastModified": "2024-11-21T06:13:58.143",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@cyber.gov.il\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-09-07T12:15:07.620",
      "references": "[{\"url\": \"https://www.gov.il/en/departments/faq/cve_advisories\", \"source\": \"cna@cyber.gov.il\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.gov.il/en/departments/faq/cve_advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cna@cyber.gov.il",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-36717\",\"sourceIdentifier\":\"cna@cyber.gov.il\",\"published\":\"2021-09-07T12:15:07.620\",\"lastModified\":\"2024-11-21T06:13:58.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the \\\"Name\\\" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.\"},{\"lang\":\"es\",\"value\":\"La versi\u00f3n 9.21 de Synerion TimeNet contiene una vulnerabilidad de cruce de directorios en la que, en el par\u00e1metro \\\"Name\\\", el atacante puede volver al directorio ra\u00edz y abrir el archivo del host. Esto podr\u00eda dar al atacante la capacidad de ver archivos restringidos, lo que podr\u00eda proporcionar al atacante m\u00e1s informaci\u00f3n necesaria para comprometer a\u00fan m\u00e1s el sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@cyber.gov.il\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synerion:timenet:9.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC5F459-E02A-4E1F-9FA5-E4FD3B367491\"}]}]}],\"references\":[{\"url\":\"https://www.gov.il/en/departments/faq/cve_advisories\",\"source\":\"cna@cyber.gov.il\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.gov.il/en/departments/faq/cve_advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.