Vulnerabilities > CVE-2022-27618 - Unspecified vulnerability in Synology Storage Analyzer

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

NVD

Published: 2022-08-03

Updated: 2024-11-21

Summary

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Storage Analyzer * Synology Diskstation Manager 7.0 Synology Diskstation Manager 7.1 Synology Diskstation Manager 6.2	4

References

https://www.synology.com/security/advisory/Synology_SA_22_11
https://www.synology.com/security/advisory/Synology_SA_22_11