Vulnerabilities > CVE-2022-27622 - Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

synology

CWE-918

NVD

Published: 2022-10-25

Updated: 2022-10-26

Summary

Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Diskstation Manager - Synology Diskstation Manager 3.0 Synology Diskstation Manager 4.0 Synology Diskstation Manager 4.0-2259 Synology Diskstation Manager 4.2 Synology Diskstation Manager 4.2-3243 Synology Diskstation Manager 4.3 Synology Diskstation Manager 4.3-3810 Synology Diskstation Manager 5.2 Synology Diskstation Manager 5.2-5565 Synology Diskstation Manager 5.2-5565-1 Synology Diskstation Manager 5.2-5565-2 Synology Diskstation Manager 5.2-5592 Synology Diskstation Manager 5.2-5592-1 Synology Diskstation Manager 5.2-5592-2 Synology Diskstation Manager 5.2-5592-3 Synology Diskstation Manager 5.2-5592-4 Synology Diskstation Manager 5.2-5620 Synology Diskstation Manager 5.2-5644 Synology Diskstation Manager 5.2-5644-1 Synology Diskstation Manager 5.2-5644-2 Synology Diskstation Manager 5.2-5644-3 Synology Diskstation Manager 5.2-5644-5 Synology Diskstation Manager 5.2-5644-8 Synology Diskstation Manager 5.2-5967 Synology Diskstation Manager 5.2-5967-1 Synology Diskstation Manager 5.2-5967-2 Synology Diskstation Manager 5.2-5967-3 Synology Diskstation Manager 5.2-5967-4 Synology Diskstation Manager 5.2-5967-5 Synology Diskstation Manager 5.2-5967-6 Synology Diskstation Manager 5.2-5967-7 Synology Diskstation Manager 5.2-5967-8 Synology Diskstation Manager 5.2-5967-9 Synology Diskstation Manager 6.0 Synology Diskstation Manager 6.0-7321 Synology Diskstation Manager 6.0-7321-1 Synology Diskstation Manager 6.0-7321-2 Synology Diskstation Manager 6.0-7321-3 Synology Diskstation Manager 6.0-7321-5 Synology Diskstation Manager 6.0-7321-6 Synology Diskstation Manager 6.0.1-7393 Synology Diskstation Manager 6.0.1-7393-1 Synology Diskstation Manager 6.0.1-7393-2 Synology Diskstation Manager 6.0.2-8451 Synology Diskstation Manager 6.0.2-8451-1 Synology Diskstation Manager 6.0.2-8451-2 Synology Diskstation Manager 6.0.2-8451-3 Synology Diskstation Manager 6.0.2-8451-4 Synology Diskstation Manager 6.0.2-8451-5 Synology Diskstation Manager 6.0.2-8451-6 Synology Diskstation Manager 6.0.2-8451-7 Synology Diskstation Manager 6.0.2-8451-8 Synology Diskstation Manager 6.0.2-8451-9 Synology Diskstation Manager 6.0.2-8451-10 Synology Diskstation Manager 6.0.3-8754 Synology Diskstation Manager 6.0.3-8754-1 Synology Diskstation Manager 6.0.3-8754-3 Synology Diskstation Manager 6.0.3-8754-4 Synology Diskstation Manager 6.0.3-8754-8 Synology Diskstation Manager 6.1 Synology Diskstation Manager 6.1-15047 Synology Diskstation Manager 6.1-15047-1 Synology Diskstation Manager 6.1-15047-2 Synology Diskstation Manager 6.1.1 Synology Diskstation Manager 6.1.1-15101 Synology Diskstation Manager 6.1.1-15101-1 Synology Diskstation Manager 6.1.1-15101-2 Synology Diskstation Manager 6.1.1-15101-3 Synology Diskstation Manager 6.1.1-15101-4 Synology Diskstation Manager 6.1.2-15132 Synology Diskstation Manager 6.1.2-15132-1 Synology Diskstation Manager 6.1.3-15152 Synology Diskstation Manager 6.1.3-15152-1 Synology Diskstation Manager 6.1.3-15152-3 Synology Diskstation Manager 6.1.3-15152-4 Synology Diskstation Manager 6.1.3-15152-5 Synology Diskstation Manager 6.1.3-15152-6 Synology Diskstation Manager 6.1.3-15152-7 Synology Diskstation Manager 6.1.3-15152-8 Synology Diskstation Manager 6.1.4-15217 Synology Diskstation Manager 6.1.4-15217-1 Synology Diskstation Manager 6.1.4-15217-2 Synology Diskstation Manager 6.1.4-15217-3 Synology Diskstation Manager 6.1.4-15217-4 Synology Diskstation Manager 6.1.4-15217-5 Synology Diskstation Manager 6.1.6-15266 Synology Diskstation Manager 6.1.7-15284 Synology Diskstation Manager 6.1.7-15284-1 Synology Diskstation Manager 6.1.7-15284-2 Synology Diskstation Manager 6.1.7-15284-3 Synology Diskstation Manager 6.2 Synology Diskstation Manager 6.2-23739 Synology Diskstation Manager 6.2-23739-1 Synology Diskstation Manager 6.2-23739-2 Synology Diskstation Manager 6.2.1 Synology Diskstation Manager 6.2.1-23824 Synology Diskstation Manager 6.2.1-23824-1 Synology Diskstation Manager 6.2.1-23824-2 Synology Diskstation Manager 6.2.1-23824-3 Synology Diskstation Manager 6.2.1-23824-4 Synology Diskstation Manager 6.2.1-23824-5 Synology Diskstation Manager 6.2.1-23824-6 Synology Diskstation Manager 6.2.2-24922 Synology Diskstation Manager 6.2.3-25426-2 Synology Diskstation Manager 6.2.3-25426-3 Synology Diskstation Manager 6.2.3_25426 Synology Diskstation Manager 6.2.4-25553 Synology Diskstation Manager 6.2.4-25556-2 Synology Diskstation Manager 6.2.4-25556-3 Synology Diskstation Manager 6.2.4-25556-4 Synology Diskstation Manager 7.0 Synology Diskstation Manager 7.0.1-42218-2 Synology Diskstation Manager 7.1	115

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.synology.com/security/advisory/Synology_SA_22_18