Lucene search
HistoryAug 03, 2022 - 3:15 a.m.
CVE-2022-27618
synology storage analyzer
path traversal
remote authentication
file deletion
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS
0.001
Percentile
26.5%
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Affected configurations
Node
synologystorage_analyzerRange<2.1.0-0390
synologydiskstation_managerMatch7.0
ORsynologydiskstation_managerMatch7.1
Node
synologystorage_analyzerRange<2.0.1-0214
synologydiskstation_managerMatch6.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| synology | storage_analyzer | * | cpe:2.3:a:synology:storage_analyzer:*:*:*:*:*:*:*:* |
| synology | diskstation_manager | 7.0 | cpe:2.3:a:synology:diskstation_manager:7.0:*:*:*:*:*:*:* |
| synology | diskstation_manager | 7.1 | cpe:2.3:a:synology:diskstation_manager:7.1:*:*:*:*:*:*:* |
| synology | diskstation_manager | 6.2 | cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-27618
2022-08-03 02:20:13
cve
cve
CVE-2022-27618
2022-08-03 03:15:08
prion
prion
Path traversal
2022-08-03 03:15:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS
0.001
Percentile
26.5%
Related for NVD:CVE-2022-27618