Multiple vulnerabilites in synedra ViewEmbeddedStreaming allowed read access to the server file system
Swiss Health Sector
NTCF:
NTCF-2024-24212
Product:
synedra ViewEmbeddedStreaming
Vendor:
synedra IT GmbH
Criticality:
high
Status:
fixed
Discovered:
2024-12-23
Detail:
Public
Vulnerable version:
<24.0.0.9
Fixed version:
24.0.0.10
Description
In accordance with NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case by case basis.
Please use the contact form and provide an explanation for your request.
Synedra published details about the security vulnerability in synedra Security Advisory synSA-154361. Affected customers can request these details directly from synedra.
Timeline
2024-12-23: initial discovery
2025-01-15: first contact to vendor
2025-01-15: private disclosure to vendor
2025-01-31: fix by vendor
2025-05-21: public disclosure