Publish Time: 2017-11-10 17:59:55 UTC+8
Last Updated: 2017-12-08 16:18:32 UTC+8
CVE-2017-15891 allows remote authenticated users to modify calendar events in an un-authorized manner via a vulnerable version of Calendar.
- Impact: Important
- CVSS3 Base Score: 7.1
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
- Calendar before 2.0.1-0242
- All Synology models
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
To fix the security issue, please go to DSM > Package Center and update Calendar to 2.0.1-0242 or above.