CVE-2018-13295

Name of the Vulnerable Software and Affected Versions Synology Application Service versions prior to 1.5.4-0320

Description The issue allows remote authenticated users to obtain sensitive system information. This is achieved via the version parameter in the SYNO.Personal.Application.Info component.

Recommendations For versions prior to 1.5.4-0320, update to version 1.5.4-0320 or later to resolve the issue. As a temporary workaround, consider restricting access to the SYNO.Personal.Application.Info component to minimize the risk of exploitation. Avoid using the version parameter in the affected component until the issue is resolved.