PT-2020-16747 · Synology · Synology Diskstation Manager

Published: 2020-10-29 · Updated: 2025-01-14 · CVE-2020-27650

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-2

Description: The Secure flag is not set for the session cookie in an HTTPS session, so the cookie can also be transmitted within an HTTP session. This makes it easier for remote attackers to capture session cookies by intercepting that transmission.

Recommendations: For versions prior to 6.2.3-25426-2, update to version 6.2.3-25426-2 or later to resolve the issue.
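
A check for the condition in the description, as an added example that is not from Synology or from this advisory: it parses `Set-Cookie` headers taken from an HTTPS response and reports sensitive cookies issued without the Secure attribute. The cookie names and sample headers are constructed assumptions, not values from DSM.

```python
# Added example: audit Set-Cookie headers from an HTTPS response for a
# missing Secure attribute. Cookie names below are hypothetical.

SAMPLE_HEADERS = [  # constructed sample, not captured from a real device
    "session_id=3f9a1c; Path=/; HttpOnly",            # Secure missing
    "session_id=3f9a1c; Path=/; HttpOnly; Secure",    # correct
    "theme=secure; Path=/",                           # "secure" is a value here
    "csrf_token=ab12; path=/; SECURE; SameSite=Strict",  # case-insensitive
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_secure(headers, sensitive_names):
    """Return (index, cookie name) for each sensitive cookie set without Secure."""
    findings = []
    for index, header in enumerate(headers):
        name, _value, attrs = parse_set_cookie(header)
        # Only the attribute list counts: a cookie *value* of "secure"
        # does not stop the browser from sending it over plain HTTP.
        if name in sensitive_names and "secure" not in attrs:
            findings.append((index, name))
    return findings


if __name__ == "__main__":
    for index, name in missing_secure(SAMPLE_HEADERS, {"session_id", "csrf_token"}):
        print(f"header {index}: cookie '{name}' set over HTTPS without Secure")
```
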

Fix

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2020-27650

Affected Products: Synology Diskstation Manager