Vulnerabilities > CVE-2018-8927 - Incorrect Authorization vulnerability in Synology Calendar

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

synology

CWE-863

NVD

Published: 2018-06-14

Updated: 2021-05-12

Summary

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Calendar 1.0.0-0121 Synology Calendar 1.0.2-0131 Synology Calendar 1.0.3-0132 Synology Calendar 1.1.0-0146 Synology Calendar 2.0.0-0241 Synology Calendar 2.0.1-0242 Synology Calendar 2.1.0-0425 Synology Calendar 2.1.1-0502	8

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.synology.com/en-global/support/security/Synology_SA_18_16