{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T07:33:39.439","vulnerabilities":[{"cve":{"id":"CVE-2020-37100","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-03T15:16:10.780","lastModified":"2026-06-17T03:16:58.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process."},{"lang":"es","value":"Sync Breeze Enterprise 12.4.18 contiene una vulnerabilidad de ruta de servicio sin comillas que permite a atacantes locales ejecutar código arbitrario con privilegios de sistema elevados. Los atacantes pueden explotar la ruta binaria sin comillas al colocar ejecutables maliciosos en ubicaciones específicas del sistema de archivos para secuestrar el proceso de inicio del servicio."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"SyncBreeze","product":"Sync Breeze Enterprise","versions":[{"version":"12.4.18","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-03T17:06:26.791713Z","id":"CVE-2020-37100","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flexense:syncbreeze:12.4.18:*:*:*:enterprise:*:*:*","matchCriteriaId":"8FE16F91-248D-4FD4-A1AA-28B1A7FDFEEF"}]}]}],"references":[{"url":"http://www.syncbreeze.com","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.exploit-db.com/exploits/48045","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-path","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}}]}