Lucene search
HistoryAug 03, 2022 - 3:15 a.m.
CVE-2022-27620
path traversal
synology sso server
remote authentication
arbitrary files
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.9%
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
Affected configurations
Node
synologysso_serverRange<2.2.3-0331
synologydiskstation_managerMatch6.2
ORsynologydiskstation_managerMatch7.0
ORsynologydiskstation_managerMatch7.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| synology | sso_server | * | cpe:2.3:a:synology:sso_server:*:*:*:*:*:*:*:* |
| synology | diskstation_manager | 6.2 | cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:* |
| synology | diskstation_manager | 7.0 | cpe:2.3:a:synology:diskstation_manager:7.0:*:*:*:*:*:*:* |
| synology | diskstation_manager | 7.1 | cpe:2.3:a:synology:diskstation_manager:7.1:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-27620
2022-08-03 02:55:10
prion
prion
Path traversal
2022-08-03 03:15:00
cve
cve
CVE-2022-27620
2022-08-03 03:15:08
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.9%
Related for NVD:CVE-2022-27620