Synology-SA-18:40 Synology Application Service

Publish Time: 2018-07-30 14:36:54 UTC+8

Last Updated: 2019-04-01 02:35:00 UTC+8

Severity: Moderate

Status: Resolved

Abstract

These vulnerabilities allow remote authenticated users to obtain sensitive information via a susceptible version of Synology Application Service.

Affected Products

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Synology Application Service | Moderate | Upgrade to 1.5.4-0320 or above. |

Mitigation

None

Detail

  • CVE-2018-13294

    • Severity: Moderate
    • CVSS3 Base Score: 4.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid field.
  • CVE-2018-13295

    • Severity: Moderate
    • CVSS3 Base Score: 4.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version field.

Revision

| Revision | Date | Description |
|---|---|---|
| 1 | 2018-07-30 | Initial public release. |
| 2 | 2019-04-01 | Disclosed vulnerability details. |