CNNVD-202511-2720 Information
CNNVD ID
CNNVD-202511-2720
Related CVE
- CNNVD Published: 2025-11-25
Description (Chinese)
Synergetic Data Systems UnForm Server是美国Synergetic Data Systems公司的一个文档管理和打印归档服务器软件。 Synergetic Data Systems UnForm Server 10.1.15之前版本存在安全漏洞,该漏洞源于Doc Flow模块arc端点未经验证的文件读取和SMB强制漏洞,可能导致任意文件读取和NTLM凭据泄露。
Description (English)
Synergetic Data Systems UnForm Server is a file management and print archive server for Synergetic Data Systems in the United States. Prior to the version of Synergetic Data Systems UnForm Server 10.1.15, there was a security loophole, which stemmed from unverified access to documents and SMB mandatory gaps in the Doc Flow module arc endpoint, which could lead to arbitrary access to documents and disclosure of NTLM documents.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Synergetic Data Systems
Published
2025-11-25
Last Modified
2026-02-24
References
https://unform.com/download/uf101_readme.txt https://www.vulncheck.com/advisories/unform-server-doc-flow-unauthenticated-file-read https://access.redhat.com/security/cve/cve-2025-34350
Patch
https://unform.com/download/uf101_readme.txt
Share on: