{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Synology Disk Station Manager (DSM) version 7.1.x","product":{"name":"DSM","vendor":{"name":"Synology","scada":false}}},{"description":"Synology DiskStation Manager (DSM) versions 7.2.x ant\u00e9rieures \u00e0 7.2.1-69057-2","product":{"name":"DSM","vendor":{"name":"Synology","scada":false}}},{"description":"Synology Disk Station Manager (DSM) version 6.2.X","product":{"name":"DSM","vendor":{"name":"Synology","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2024-0854","url":"https://www.cve.org/CVERecord?id=CVE-2024-0854"}],"links":[],"reference":"CERTFR-2024-AVI-0070","revisions":[{"description":"Version initiale","revision_date":"2024-01-26T00:00:00.000000"}],"risks":[{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synology DiskStation Manager.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9. Synology pr\u00e9cise que des correctifs seront publi\u00e9s\nult\u00e9rieurement pour les versions 6.2 et 7.1 de Synology DSM.\n","title":"Vuln\u00e9rabilit\u00e9 dans Synology DiskStation Manager","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Synology Synology-SA-24:02 du 24 janvier 2024","url":"https://www.synology.com/fr-fr/security/advisory/Synology_SA_24_02"}]}