Vulnerabilities > CVE-2022-22686 - Unspecified vulnerability in Synology Calendar

CVSS 8.0 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

NVD

Published: 2022-07-26

Updated: 2024-11-21

Summary

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Calendar 1.0.0-0121 Synology Calendar 1.0.2-0131 Synology Calendar 1.0.3-0132 Synology Calendar 1.1.0-0146 Synology Calendar 2.0.0-0241 Synology Calendar 2.0.1-0242 Synology Calendar 2.1.0-0425 Synology Calendar 2.1.1-0502 Synology Calendar 2.1.2-0511 Synology Calendar 2.2.1-0518 Synology Calendar 2.2.2-0532 Synology Calendar 2.2.3-0534 Synology Calendar 2.3.0-0615 Synology Calendar 2.3.1-0617 Synology Calendar 2.3.2-0619 Synology Calendar 2.3.3-0620	16

Summary

Vulnerable Configurations

References