Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Synology Active Backup for Business Agent
- before 2.6.3-3101
Source
security@synology.com
Tags
CVE-2023-52947 details
Published : Sept. 26, 2024, 4:15 a.m.
Last Modified : Sept. 26, 2024, 1:32 p.m.
Last Modified : Sept. 26, 2024, 1:32 p.m.
Description
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.
CVSS Score
1 | 2 | 3 | 4.0 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-306 | Missing Authentication for Critical Function | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
Base Score
4.0
Exploitability Score
2.5
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
URL | Source |
---|---|
https://www.synology.com/en-global/security/advisory/Synology_SA_24_11 | security@synology.com |
This website uses the NVD API, but is not approved or certified by it.