CVE-2023-52947

Published: Sep 26, 2024Modified: Oct 2, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.

Affected (1)

Products: Synology: Active Backup For Business Agent

1 product

Active Backup For Business Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Synology Active Backup For Business Agent	Before 2.6.0-3101

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://www.synology.com/en-global/security/advisory/Synology_SA_24_11

Source: security@synology.com

Vendor Advisory

Timeline

No history available yet.