Known Vulnerabilities
CVE-2022-27620
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
MEDIUM
CVSS 6.8
Published Aug 03, 2022
CVE-2017-16775
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
HIGH
CVSS 7.1
Published Apr 01, 2019