Improper Read Access Control Vulnerability in Siemens Healthineers' syngo Dynamics Application
CVE-2022-42732
7.5HIGH
What is CVE-2022-42732?
An improper read access control vulnerability exists in the syngo Dynamics application server, enabling potential unauthorized retrieval of files from any accessible folder linked to the application’s operating account. This issue arises from a web service operation that lacks adequate access restrictions, which could expose sensitive files and compromise data security. It is crucial for users to update to version VA40G HF01 or later to mitigate this vulnerability.
Affected Version(s)
syngo Dynamics All versions < VA40G HF01