Improper Access Control in Synology Calendar by Synology
CVE-2017-15891
6.5MEDIUM
Summary
An improper access control vulnerability exists in the SYNO.Cal.EventBase component of Synology Calendar prior to version 2.0.1-0242. This flaw enables remote authenticated users to exploit unspecified vectors to modify calendar events, posing a significant risk to user data integrity and privacy.
Affected Version(s)
Synology Calendar before 2.0.1-0242
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved