Sign-up

ID

VAR-202207-1998


CVE

CVE-2022-22685


TITLE

Synology Inc.  of  webdav server  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-013879

DESCRIPTION

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. Synology Inc. of webdav server Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Synology WebDAV Server is an extension of HTTP developed by China Synology Company. Allows users to manage files stored on remote servers. Synology WebDAV Server versions prior to 2.4.0-0062 have a path traversal vulnerability

Trust: 1.8

sources: NVD: CVE-2022-22685 // JVNDB: JVNDB-2022-013879 // VULHUB: VHN-411350 // VULMON: CVE-2022-22685

AFFECTED PRODUCTS

vendor:synologymodel:webdav serverscope:ltversion:2.4.0-0062

Trust: 1.0

vendor:synologymodel:webdav serverscope: - version: -

Trust: 0.8

vendor:synologymodel:webdav serverscope:eqversion: -

Trust: 0.8

vendor:synologymodel:webdav serverscope:eqversion:2.4.0-0062

Trust: 0.8

sources: JVNDB: JVNDB-2022-013879 // NVD: CVE-2022-22685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22685
value: HIGH

Trust: 1.0

security@synology.com: CVE-2022-22685
value: HIGH

Trust: 1.0

NVD: CVE-2022-22685
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2598
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-22685
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

security@synology.com: CVE-2022-22685
baseSeverity: HIGH
baseScore: 8.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 5.8
version: 3.1

Trust: 1.0

NVD: CVE-2022-22685
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013879 // CNNVD: CNNVD-202207-2598 // NVD: CVE-2022-22685 // NVD: CVE-2022-22685

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: VULHUB: VHN-411350 // JVNDB: JVNDB-2022-013879 // NVD: CVE-2022-22685

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2598

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202207-2598

PATCH

title:Synology WebDAV Server Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202474

Trust: 0.6

sources: CNNVD: CNNVD-202207-2598

EXTERNAL IDS

db:NVDid:CVE-2022-22685

Trust: 3.4

db:JVNDBid:JVNDB-2022-013879

Trust: 0.8

db:CNNVDid:CNNVD-202207-2598

Trust: 0.7

db:VULHUBid:VHN-411350

Trust: 0.1

db:VULMONid:CVE-2022-22685

Trust: 0.1

sources: VULHUB: VHN-411350 // VULMON: CVE-2022-22685 // JVNDB: JVNDB-2022-013879 // CNNVD: CNNVD-202207-2598 // NVD: CVE-2022-22685

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_21_09

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22685

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22685/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-411350 // VULMON: CVE-2022-22685 // JVNDB: JVNDB-2022-013879 // CNNVD: CNNVD-202207-2598 // NVD: CVE-2022-22685

SOURCES

db:VULHUBid:VHN-411350
db:VULMONid:CVE-2022-22685
db:JVNDBid:JVNDB-2022-013879
db:CNNVDid:CNNVD-202207-2598
db:NVDid:CVE-2022-22685

LAST UPDATE DATE

2024-08-14T15:32:39.083000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411350date:2022-08-03T00:00:00
db:VULMONid:CVE-2022-22685date:2022-07-28T00:00:00
db:JVNDBid:JVNDB-2022-013879date:2023-09-12T08:20:00
db:CNNVDid:CNNVD-202207-2598date:2022-08-04T00:00:00
db:NVDid:CVE-2022-22685date:2022-08-03T20:39:42.953

SOURCES RELEASE DATE

db:VULHUBid:VHN-411350date:2022-07-28T00:00:00
db:VULMONid:CVE-2022-22685date:2022-07-28T00:00:00
db:JVNDBid:JVNDB-2022-013879date:2023-09-12T00:00:00
db:CNNVDid:CNNVD-202207-2598date:2022-07-28T00:00:00
db:NVDid:CVE-2022-22685date:2022-07-28T07:15:07.817