CVE-2020-27650 Information
Share on:
Feb 14, 2021
cve
Description
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://www.synology.com/security/advisory/Synology_SA_20_18
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
3.7