Vulnerabilites related to Synology - SSO Server
cve-2022-27620
Vulnerability from cvelistv5
Published
2022-08-03 02:55
Modified
2024-09-16 22:45
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
Vendor Product Version
Synology SSO Server Version: unspecified   < 2.2.3-0331
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:32:59.935Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_22_13",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SSO Server",
               vendor: "Synology",
               versions: [
                  {
                     lessThan: "2.2.3-0331",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-03T02:55:10",
            orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
            shortName: "synology",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.synology.com/security/advisory/Synology_SA_22_13",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@synology.com",
               DATE_PUBLIC: "2022-08-02T16:19:20.070630",
               ID: "CVE-2022-27620",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SSO Server",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "2.2.3-0331",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Synology",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "6.8",
                  vectorString: "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.synology.com/security/advisory/Synology_SA_22_13",
                     refsource: "CONFIRM",
                     url: "https://www.synology.com/security/advisory/Synology_SA_22_13",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
      assignerShortName: "synology",
      cveId: "CVE-2022-27620",
      datePublished: "2022-08-03T02:55:10.286711Z",
      dateReserved: "2022-03-21T00:00:00",
      dateUpdated: "2024-09-16T22:45:35.273Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-16775
Vulnerability from cvelistv5
Published
2019-04-01 14:25
Modified
2024-09-17 02:11
Summary
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
Impacted products
Vendor Product Version
Synology SSO Server Version: unspecified   < 2.1.3-0129
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T20:35:21.065Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_18_28",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SSO Server",
               vendor: "Synology",
               versions: [
                  {
                     lessThan: "2.1.3-0129",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-03-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1021",
                     description: "Improper Restriction of Rendered UI Layers or Frames (CWE-1021)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-04-01T14:25:15",
            orgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
            shortName: "synology",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.synology.com/security/advisory/Synology_SA_18_28",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@synology.com",
               DATE_PUBLIC: "2019-03-31T00:00:00",
               ID: "CVE-2017-16775",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SSO Server",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "2.1.3-0129",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Synology",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Restriction of Rendered UI Layers or Frames (CWE-1021)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.synology.com/security/advisory/Synology_SA_18_28",
                     refsource: "CONFIRM",
                     url: "https://www.synology.com/security/advisory/Synology_SA_18_28",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "db201096-a0cc-46c7-9a55-61d9e221bf01",
      assignerShortName: "synology",
      cveId: "CVE-2017-16775",
      datePublished: "2019-04-01T14:25:15.494166Z",
      dateReserved: "2017-11-10T00:00:00",
      dateUpdated: "2024-09-17T02:11:38.210Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-201904-0530
Vulnerability from variot

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Synology SSO Server Contains an input validation vulnerability.Information may be obtained and information may be altered. Synology SSO Server is a server software provided by Synology, Taiwan, China, which provides single sign-on function. The SSOOauth.cgi file in versions prior to Synology SSO Server 2.1.3-0129 has a security vulnerability. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0530",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "sso server",
            scope: "lt",
            trust: 1.8,
            vendor: "synology",
            version: "2.1.3-0129",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:synology:sso_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.1.3-0129",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
      ],
   },
   cve: "CVE-2017-16775",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2017-16775",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-107731",
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "security@synology.com",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 3.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.1,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2017-16775",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2017-16775",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "security@synology.com",
                  id: "CVE-2017-16775",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201711-360",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-107731",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Synology SSO Server Contains an input validation vulnerability.Information may be obtained and information may be altered. Synology SSO Server is a server software provided by Synology, Taiwan, China, which provides single sign-on function. The SSOOauth.cgi file in versions prior to Synology SSO Server 2.1.3-0129 has a security vulnerability. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-16775",
            trust: 2.5,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
            trust: 0.7,
         },
         {
            db: "VULHUB",
            id: "VHN-107731",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   id: "VAR-201904-0530",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:28:24.486000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Synology-SA-18:28 SSO Server",
            trust: 0.8,
            url: "https://www.synology.com/security/advisory/synology_sa_18_28",
         },
         {
            title: "Synology SSO Server Enter the fix for the verification error vulnerability",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91039",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.synology.com/security/advisory/synology_sa_18_28",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-16775",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16775",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-04-01T00:00:00",
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            date: "2019-05-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            date: "2019-04-01T15:29:00.310000",
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            date: "2017-11-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-10-09T00:00:00",
            db: "VULHUB",
            id: "VHN-107731",
         },
         {
            date: "2019-05-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
         {
            date: "2019-10-09T23:25:19.143000",
            db: "NVD",
            id: "CVE-2017-16775",
         },
         {
            date: "2019-10-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Synology SSO Server Input validation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-014418",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201711-360",
         },
      ],
      trust: 0.6,
   },
}