Vulnerability Details CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 5.0
References
Products affected by CVE-2022-27617
-
cpe:2.3:a:synology:calendar:1.0.0-0121
-
cpe:2.3:a:synology:calendar:1.0.2-0131
-
cpe:2.3:a:synology:calendar:1.0.3-0132
-
cpe:2.3:a:synology:calendar:1.1.0-0146
-
cpe:2.3:a:synology:calendar:2.0.0-0241
-
cpe:2.3:a:synology:calendar:2.0.1-0242
-
cpe:2.3:a:synology:calendar:2.1.0-0425
-
cpe:2.3:a:synology:calendar:2.1.1-0502
-
cpe:2.3:a:synology:calendar:2.1.2-0511
-
cpe:2.3:a:synology:calendar:2.2.1-0518
-
cpe:2.3:a:synology:calendar:2.2.2-0532
-
cpe:2.3:a:synology:calendar:2.2.3-0534
-
cpe:2.3:a:synology:calendar:2.3.0-0615
-
cpe:2.3:a:synology:calendar:2.3.1-0617
-
cpe:2.3:a:synology:calendar:2.3.2-0619
-
cpe:2.3:a:synology:calendar:2.3.3-0620
-
cpe:2.3:o:synology:diskstation_manager:6.2