1. Home
  2. CVE Database
  3. CVE-2022-42894
HIGH · 7.5

CVE-2022-42894

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed...

Vulnerability Description

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SiemensSyngo Dynamics Cardiovascular Imaging And Information System< va40g_hf01

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2022-42894?

CVE-2022-42894 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed...

How severe is CVE-2022-42894?

CVE-2022-42894 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-42894?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Syngo Dynamics Cardiovascular Imaging And Information System.