Search criteria
6 vulnerabilities found for safeaccess by synology
VAR-202011-0782
Vulnerability from variot - Updated: 2024-11-23 22:11SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Synology SafeAccess Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safeaccess",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "1.2.3-0234"
},
{
"model": "safe access",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "1.2.3-0234"
},
{
"model": "safe access",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"cve": "CVE-2020-27660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-27660",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-371569",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-27660",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "security@synology.com",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27660",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-27660",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27660",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security@synology.com",
"id": "CVE-2020-27660",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-27660",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-2088",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-371569",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Synology SafeAccess Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users\u0027 Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "VULHUB",
"id": "VHN-371569"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27660",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2020-1087",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2088",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-68544",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-371569",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"id": "VAR-202011-0782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-371569"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:11:15.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-20",
"trust": 0.8,
"url": "https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_25"
},
{
"title": "Synology SafeAccess SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137132"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_25"
},
{
"trust": 1.7,
"url": "https://github.com/thomasfady/synology_sa_20_25"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27660"
},
{
"trust": 1.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2020-1087"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1087"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-371569"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
},
{
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-371569"
},
{
"date": "2021-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"date": "2020-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2088"
},
{
"date": "2020-11-30T10:15:11.237000",
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-371569"
},
{
"date": "2021-07-08T09:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-013641"
},
{
"date": "2020-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2088"
},
{
"date": "2024-11-21T05:21:36.873000",
"db": "NVD",
"id": "CVE-2020-27660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0SafeAccess\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2088"
}
],
"trust": 0.6
}
}
VAR-202011-0781
Vulnerability from variot - Updated: 2024-11-23 22:11Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Synology SafeAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0781",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safeaccess",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "1.2.3-0234"
},
{
"model": "safe access",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "1.2.3-0234"
},
{
"model": "safe access",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"cve": "CVE-2020-27659",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2020-27659",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-371568",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2020-27659",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.7,
"id": "CVE-2020-27659",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-27659",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27659",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@synology.com",
"id": "CVE-2020-27659",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-27659",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-2089",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-371568",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Synology SafeAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users\u0027 Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27659"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "VULHUB",
"id": "VHN-371568"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27659",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2020-1087",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2089",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-68427",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-371568",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"id": "VAR-202011-0781",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-371568"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:11:15.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-20",
"trust": 0.8,
"url": "https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_25"
},
{
"title": "Synology SafeAccess Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135614"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_25"
},
{
"trust": 1.7,
"url": "https://github.com/thomasfady/synology_sa_20_25"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27659"
},
{
"trust": 1.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2020-1087"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1087"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-371568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
},
{
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-371568"
},
{
"date": "2021-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"date": "2020-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2089"
},
{
"date": "2020-11-30T10:15:10.720000",
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-371568"
},
{
"date": "2021-07-08T09:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-013640"
},
{
"date": "2020-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2089"
},
{
"date": "2024-11-21T05:21:36.743000",
"db": "NVD",
"id": "CVE-2020-27659"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0SafeAccess\u00a0 Cross-site Scripting Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013640"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2089"
}
],
"trust": 0.6
}
}
CVE-2020-27660 (GCVE-0-2020-27660)
Vulnerability from nvd – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:25
VLAI?
Summary
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
Severity ?
9.6 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Safe Access |
Affected:
unspecified , < 1.2.3-0234
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safe Access",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.3-0234",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T22:00:45",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-11-30T00:00:00",
"ID": "CVE-2020-27660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safe Access",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.3-0234"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.6",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"name": "https://github.com/thomasfady/Synology_SA_20_25",
"refsource": "MISC",
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27660",
"datePublished": "2020-11-30T09:30:15.887498Z",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-09-17T04:25:26.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27659 (GCVE-0-2020-27659)
Vulnerability from nvd – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:00
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
Severity ?
8.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Safe Access |
Affected:
unspecified , < 1.2.3-0234
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safe Access",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.3-0234",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T21:58:33",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-11-30T00:00:00",
"ID": "CVE-2020-27659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safe Access",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.3-0234"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"name": "https://github.com/thomasfady/Synology_SA_20_25",
"refsource": "MISC",
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27659",
"datePublished": "2020-11-30T09:30:15.481484Z",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-09-17T04:00:17.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27660 (GCVE-0-2020-27660)
Vulnerability from cvelistv5 – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:25
VLAI?
Summary
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
Severity ?
9.6 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Safe Access |
Affected:
unspecified , < 1.2.3-0234
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safe Access",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.3-0234",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T22:00:45",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-11-30T00:00:00",
"ID": "CVE-2020-27660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safe Access",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.3-0234"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.6",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"name": "https://github.com/thomasfady/Synology_SA_20_25",
"refsource": "MISC",
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27660",
"datePublished": "2020-11-30T09:30:15.887498Z",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-09-17T04:25:26.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27659 (GCVE-0-2020-27659)
Vulnerability from cvelistv5 – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:00
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
Severity ?
8.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Safe Access |
Affected:
unspecified , < 1.2.3-0234
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safe Access",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.3-0234",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T21:58:33",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-11-30T00:00:00",
"ID": "CVE-2020-27659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safe Access",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.3-0234"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
},
{
"name": "https://github.com/thomasfady/Synology_SA_20_25",
"refsource": "MISC",
"url": "https://github.com/thomasfady/Synology_SA_20_25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27659",
"datePublished": "2020-11-30T09:30:15.481484Z",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-09-17T04:00:17.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}