We use cookies to help us improve our webpage. Please read our Cookie Policy.

Synology-SA-17:68 Calendar

Publish Time: 2017-11-10 17:59:55 UTC+8

Last Updated: 2017-12-08 16:18:32 UTC+8

Severity
Important
Status
Resolved

Abstract

CVE-2017-15891 allows remote authenticated users to modify calendar events in an un-authorized manner via a vulnerable version of Calendar.

Severity

Affected

  • Products
    • Calendar before 2.0.1-0242
  • Models
    • All Synology models

Description

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

Mitigation

None

Update Availability

To fix the security issue, please go to DSM > Package Center and update Calendar to 2.0.1-0242 or above.