CVE-2022-22681

8.1HIGH

Key Information

Vendor: Synology
Status: Photo Station
Vendor: CVE Published:; 6 July 2022

Summary

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

Affected Version(s)

Photo Station < 6.8.16-3506

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 8.1 - (HIGH)
Feb 22, 2024
Vulnerability published.
Jul 6, 2022
Vulnerability Reserved.
Jan 5, 2022

Collectors

NVD DatabaseMitre Database

.