CVE-2021-43926
4.7MEDIUM
Summary
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
Affected Version(s)
DiskStation Manager (DSM) < 7.0.1-42218-2
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 9.8 to: 4.7 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database