CVE-2020-36946

EUVD-2020-30861
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
flexensesyncbreeze
10.0.28
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.syncbreeze.com
https://www.exploit-db.com/exploits/49291
https://www.vulncheck.com/advisories/syncbreeze-login-denial-of-service
https://www.exploit-db.com/exploits/49291