CVE-2022-22686 MEDIUM

CVE-2022-22686

Vendor Synology

Product Synology Calendar

Weakness CWE-352 · CSRF

Published July 26, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.

Key dates

02Disclosure timeline

July 26, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-22686 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

Identifiers

CVE CVE-2022-22686

CWE CWE-352

CVSS 6.5 / MEDIUM

Affected versions