PT-2019-8959 · Synology · Synology Application Service

Published

2019-04-01

Updated

2019-10-09

CVE-2018-13294

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Synology Application Service versions prior to 1.5.4-0320

Description The issue allows remote authenticated users to obtain sensitive system information. This is achieved via the uid parameter.

Recommendations For versions prior to 1.5.4-0320, update to version 1.5.4-0320 or later to resolve the issue. As a temporary workaround, consider restricting access to the uid parameter to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-13294

Affected Products

Synology Application Service

PT-2019-8959 · Synology · Synology Application Service

CVE-2018-13294

Weakness Enumeration

Related Identifiers

Affected Products

References · 3