PT-2018-6337 · Synology · Synology Universal Search
Publicado
2018-07-05
·
Atualizado
2019-10-09
·
CVE-2017-16773
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Synology Universal Search versions prior to 1.0.5-0135
Description:
The issue is related to an improper authorization vulnerability in the Highlight Preview feature of Synology Universal Search. This vulnerability allows remote authenticated users to bypass permission checks for directories that are in POSIX mode.
Recommendations:
For versions prior to 1.0.5-0135, update to version 1.0.5-0135 or later to resolve the issue.
Correção
Incorrect Authorization
Improper Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Synology Universal Search