Information Exposure Vulnerability in Synology Application Service
CVE-2018-13294

4.3MEDIUM

Key Information:

Vendor
Synology
Status
Application Service
Vendor
CVE Published:
1 April 2019

Summary

An information exposure vulnerability exists in the SYNO.Personal.Profile component of Synology Application Service prior to version 1.5.4-0320. This flaw allows remote authenticated users to exploit the uid parameter, which can potentially enable them to access sensitive system information that should remain protected. This breach in security highlights the importance of keeping software updated and implementing proper access controls.

Affected Version(s)

Application Service < 1.5.4-0320

References

https://www.synology.com/security/advisory/Synology_SA_18_40
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.