CVE-2021-29086Sensitive Information Exposure in Synology Diskstation Manager

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.4%
top 41.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Diskstation ManagerSynology Diskstation Manager Unified Controller
Timeline
PublishedJun 23
Latest updateMay 24

Description

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5synology/diskstation_managerunspecified6.2.3-25426-3
NVDsynology/diskstation_manager6.26.2.3-25426-3

🔴Vulnerability Details

2
GHSA
GHSA-wgmc-67f7-2pmg: Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 62022-05-24
CVEList
CVE-2021-29086: Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 62021-06-23
CVE-2021-29086 — Sensitive Information Exposure | cvebase