PT-2024-14788 · Synology · Synology Active Backup For Business Agent

Zhao Runzi

Published

2024-09-25

Updated

2024-10-02

CVE-2023-52950

CVSS v3.1

5.3

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business Agent versions prior to 2.7.0-3221

Description The issue concerns a missing encryption of sensitive data vulnerability in the login component. This allows adjacent man-in-the-middle attackers to obtain user credentials via unspecified vectors.

Recommendations For versions prior to 2.7.0-3221, update to version 2.7.0-3221 or later to resolve the issue.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2023-52950

Affected Products

Synology Active Backup For Business Agent

PT-2024-14788 · Synology · Synology Active Backup For Business Agent

CVE-2023-52950

Weakness Enumeration

Related Identifiers

Affected Products

References · 6