Lucene search
SynologyCVE-2022-27620HistoryAug 03, 2022 - 3:15 a.m.
CVE-2022-27620
2022-08-0303:15:08
CWE-22
synology
web.nvd.nist.gov
48
3
cve-2022-27620
path traversal
synology sso server
nvd
security
vulnerability
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
29.9%
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
Affected configurations
Node
synologysso_serverRange<2.2.3-0331
synologydiskstation_managerMatch6.2
ORsynologydiskstation_managerMatch7.0
ORsynologydiskstation_managerMatch7.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| synology | sso_server | * | cpe:2.3:a:synology:sso_server:*:*:*:*:*:*:*:* |
| synology | diskstation_manager | 6.2 | cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:* |
| synology | diskstation_manager | 7.0 | cpe:2.3:a:synology:diskstation_manager:7.0:*:*:*:*:*:*:* |
| synology | diskstation_manager | 7.1 | cpe:2.3:a:synology:diskstation_manager:7.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "SSO Server",
"vendor": "Synology",
"versions": [
{
"lessThan": "2.2.3-0331",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-27620
2022-08-03 02:55:10
prion
prion
Path traversal
2022-08-03 03:15:00
nvd
nvd
CVE-2022-27620
2022-08-03 03:15:08
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
29.9%
Related for CVE-2022-27620