CVE-2021-29085
8.6HIGH
Summary
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
Affected Version(s)
DiskStation Manager (DSM) < 6.2.3-25426-3
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Risk change from: 7.5 to: 8.6 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database