Vulnerability in Synology DiskStation Manager (DSM)
CVE-2020-27650
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an H…
EPSS: 0.002 (37.8th percentile)
CVSS v3 metric
CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L.
Affected products
- Synology DiskStation Manager (DSM) — versions unspecified
Weakness classification (CWE)
References
- www.synology.com/security/advisory/Synology_SA_20_18 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2020-27650?
- CVE-2020-27650 is a medium-severity vulnerability in Synology DiskStation Manager (DSM), classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.8/10. Published 2020-10-29.
- How severe is CVE-2020-27650?
- Medium severity. CVSS v3 base score is 5.8 out of 10.