Aggregates CVE and security vulnerability intelligence across all synametrics-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting and vendor risk csrf; exposure may include vendor impact session compromise in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-26251 | The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | [email protected] | 7.2 | 1.48% | 2022-04-06 | 2024-11-21 |
| CVE-2022-26250 | Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | [email protected] | 7.8 | 0.04% | 2022-04-06 | 2024-11-21 |
| CVE-2022-22828 | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | [email protected] | 7.5 | 0.74% | 2022-01-27 | 2024-11-21 |
| CVE-2015-3140 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | [email protected] | 8.8 | 0.32% | 2019-11-21 | 2024-11-21 |
| CVE-2018-10814 | Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | [email protected] | 7.8 | 0.20% | 2018-09-14 | 2024-11-21 |
| CVE-2018-10763 | Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | [email protected] | 4.8 | 0.22% | 2018-09-14 | 2024-11-21 |
| CVE-2015-3141 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a ne | [email protected] | 6.8 | 0.36% | 2015-05-20 | 2026-05-06 |
| CVE-2012-2569 | Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | [email protected] | 4.3 | 0.48% | 2014-06-19 | 2026-05-06 |