CVE-2024-47265

Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business versions prior to 2.7.1-13234 Synology Active Backup for Business versions prior to 2.7.1-23234 Synology Active Backup for Business versions prior to 2.7.1-3234

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the encrypted share umount functionality. This allows remote authenticated users to write specific files via unspecified vectors.

Recommendations For versions prior to 2.7.1-13234, update to version 2.7.1-13234 or later. For versions prior to 2.7.1-23234, update to version 2.7.1-23234 or later. For versions prior to 2.7.1-3234, update to version 2.7.1-3234 or later. As a temporary workaround, consider restricting access to the encrypted share umount functionality until a patch is available.