PT-2019-8139 · Synology · Synology Sso Server

Publicado

2019-04-01

·

Atualizado

2019-10-09

·

CVE-2017-16775

CVSS v3.1

7.1

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Synology SSO Server versions prior to 2.1.3-0129
Description The issue is related to an improper restriction of rendered UI layers or frames in SSOOauth.cgi, allowing remote attackers to conduct clickjacking attacks.
Recommendations For versions prior to 2.1.3-0129, update to version 2.1.3-0129 or later to resolve the issue.

Correção

RCE

Clickjacking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-1021

Identificadores relacionados

CVE-2017-16775

Produtos afetados

Synology Sso Server