CVE-2015-3140

high-risk
Published 2019-11-21

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
3 public exploits available
36951, 36950, 36953
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman
Synaman

Affected Vendors

Synametrics

References (6)

Mitigation http://web.synametrics.com/SynamanVersionHistory.htm
Mitigation https://web.synametrics.com/SyncrifyVersionHistory.htm
Mitigation https://web.synametrics.com/SyntailVersionHistory.htm
Mitigation http://web.synametrics.com/SynamanVersionHistory.htm
Mitigation https://web.synametrics.com/SyncrifyVersionHistory.htm
Mitigation https://web.synametrics.com/SyntailVersionHistory.htm
61
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 30/34 · Critical