Injection Vulnerability in Security Advisor Report Management of Synology DiskStation Manager
CVE-2021-29084

7.5HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 23 June 2021

Summary

An injection vulnerability exists in the Security Advisor report management component of Synology DiskStation Manager versions prior to 6.2.3-25426-3. This flaw could allow remote attackers to exploit the system by reading arbitrary files via unknown methods, posing potential risks to sensitive data and system integrity.

Affected Version(s)

DiskStation Manager (DSM) < 6.2.3-25426-3

References

https://www.synology.com/security/advisory/Synology_SA_20_26

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2021
Vulnerability Reserved
Mar 23, 2021