ID
VAR-202207-1999
CVE
CVE-2022-27613
TITLE
Synology Inc. of CardDAV Server In SQL Injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2022-013859
DESCRIPTION
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. Synology Inc. of CardDAV Server for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.8
sources:
NVD: CVE-2022-27613 //
JVNDB: JVNDB-2022-013859 //
VULHUB: VHN-418266 //
VULMON: CVE-2022-27613
AFFECTED PRODUCTS
| vendor: | synology | model: | carddav server | scope: | lt | version: | 6.0.10-0153 | Trust: 1.0 |
| vendor: | synology | model: | carddav server | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | synology | model: | carddav server | scope: | eq | version: | 6.0.10-0153 | Trust: 0.8 |
| vendor: | synology | model: | carddav server | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-013859 //
NVD: CVE-2022-27613
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-013859 //
CNNVD: CNNVD-202207-2596 //
NVD: CVE-2022-27613 //
NVD: CVE-2022-27613
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.1 |
| problemtype: | SQL injection (CWE-89) [ others ] | Trust: 0.8 |
sources:
VULHUB: VHN-418266 //
JVNDB: JVNDB-2022-013859 //
NVD: CVE-2022-27613
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202207-2596
TYPE
SQL injection
Trust: 0.6
sources:
CNNVD: CNNVD-202207-2596
PATCH
| title: | Synology CardDAV Server SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202472 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202207-2596
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-27613 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2022-013859 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202207-2596 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-418266 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-27613 | Trust: 0.1 |
sources:
VULHUB: VHN-418266 //
VULMON: CVE-2022-27613 //
JVNDB: JVNDB-2022-013859 //
CNNVD: CNNVD-202207-2596 //
NVD: CVE-2022-27613
REFERENCES
| url: | https://www.synology.com/security/advisory/synology_sa_21_06 | Trust: 2.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-27613 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-27613/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/89.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULHUB: VHN-418266 //
VULMON: CVE-2022-27613 //
JVNDB: JVNDB-2022-013859 //
CNNVD: CNNVD-202207-2596 //
NVD: CVE-2022-27613
SOURCES
| db: | VULHUB | id: | VHN-418266 |
| db: | VULMON | id: | CVE-2022-27613 |
| db: | JVNDB | id: | JVNDB-2022-013859 |
| db: | CNNVD | id: | CNNVD-202207-2596 |
| db: | NVD | id: | CVE-2022-27613 |
LAST UPDATE DATE
2024-08-14T14:24:38.802000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-418266 | date: | 2022-08-03T00:00:00 |
| db: | VULMON | id: | CVE-2022-27613 | date: | 2022-07-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-013859 | date: | 2023-09-12T08:20:00 |
| db: | CNNVD | id: | CNNVD-202207-2596 | date: | 2022-08-04T00:00:00 |
| db: | NVD | id: | CVE-2022-27613 | date: | 2022-08-03T20:16:53.043 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-418266 | date: | 2022-07-28T00:00:00 |
| db: | VULMON | id: | CVE-2022-27613 | date: | 2022-07-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-013859 | date: | 2023-09-12T00:00:00 |
| db: | CNNVD | id: | CNNVD-202207-2596 | date: | 2022-07-28T00:00:00 |
| db: | NVD | id: | CVE-2022-27613 | date: | 2022-07-28T07:15:07.957 |