CVE-2021-43928

Опубликовано: 07 фев. 2022

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

Ссылки

https://www.synology.com/security/advisory/Synology_SA_21_28
Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_21_28
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:synology:mail_station:*:*:*:*:*:*:*:*

Версия до 20211105 (исключая)

EPSS

Процентиль: 77%

0.01059

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-xcmm-3w7w-cqq9

CVSS3: 8.8

github

почти 4 года назад

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 7.0.1-42218-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

EPSS

Процентиль: 77%

0.01059

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78