CVE-2015-3140
CVE-2015-3140 is a high-severity vulnerability in Synametrics Synaman with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-352.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 6.8
- EPSS exploit prediction: 1% (67th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-352
- Affected product: Synametrics Synaman
- Published:
- Last modified:
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
Frequently asked questions
- What is CVE-2015-3140?
- Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
- How severe is CVE-2015-3140?
- CVE-2015-3140 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2015-3140 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (67th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2015-3140?
- CVE-2015-3140 primarily affects Synametrics Synaman. In total, 100 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2015-3140?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2015-3140 published?
- CVE-2015-3140 was published on 2019-11-21 and last updated on 2026-06-17.
References
- http://web.synametrics.com/SynamanVersionHistory.htm
- https://web.synametrics.com/SyncrifyVersionHistory.htm
- https://web.synametrics.com/SyntailVersionHistory.htm
Affected products (100)
- cpe:2.3:a:synametrics:synaman:1.0:build786:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:1.0:build805:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:1.1:build972:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.0:build1185:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.1:build1202:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.2:build1205:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.2:build1246:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.3:build1259:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.3:build1261:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.4:build1272:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1282:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1289:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1291:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1302:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1303:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1304:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1310:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1313:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1314:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1316:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1318:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1321:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1322:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1324:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.5:build1325:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.6:build1328:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.7:build1337:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.7:build1341:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:2.7:build1342:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.0:build1358:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.0:build1363:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.0:build1365:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.1:build1380:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.1:build1382:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.1:build1384:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.1:build1386:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.2:build1393:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.2:build1394:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.2:build1398:*:*:*:*:*:*
- cpe:2.3:a:synametrics:synaman:3.3:build1418:*:*:*:*:*:*
More vulnerabilities in Synametrics Synaman
- CVE-2022-26250 — High (CVSS 7.8): Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate…
- CVE-2018-10814 — High (CVSS 7.8): Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
- CVE-2022-22828 — High (CVSS 7.5): An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote…
- CVE-2022-26251 — High (CVSS 7.2): The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code…
- CVE-2018-10763 — Medium (CVSS 4.8): Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or…
All CVEs affecting Synametrics Synaman →
Other CWE-352 (Cross-Site Request Forgery (CSRF)) vulnerabilities
- CVE-2025-32642 — Critical (CVSS 10.0): Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This…
- CVE-2025-23922 — Critical (CVSS 10.0): Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a…
- CVE-2017-5145 — Critical (CVSS 10.0): An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware…
- CVE-2019-25729 — Critical (CVSS 9.8): PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute…
- CVE-2025-48340 — Critical (CVSS 9.8): Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows…
- CVE-2025-2907 — Critical (CVSS 9.8): The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing…
Browse all CWE-352 (Cross-Site Request Forgery (CSRF)) vulnerabilities →