6.5
CVE-2021-47960
- EPSS 0.19%
- Veröffentlicht 10.04.2026 10:16:02
- Zuletzt bearbeitet 29.05.2026 19:06:23
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Ssl Vpn Client Version < 1.4.5-0684
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.085 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://www.synology.com/en-global/security/advisory/Synology_SA_26_05